2022-04-15 13:44:08 +00:00
|
|
|
---
|
|
|
|
|
title: "Traefik Proxy TCP Middleware Overview"
|
|
|
|
|
description: "Read the official Traefik Proxy documentation for an overview of the available TCP middleware."
|
|
|
|
|
---
|
|
|
|
|
|
2021-06-11 13:30:05 +00:00
|
|
|
# TCP Middlewares
|
|
|
|
|
|
|
|
|
|
Controlling connections
|
|
|
|
|
{: .subtitle }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Configuration Example
|
|
|
|
|
|
|
|
|
|
```yaml tab="Docker"
|
|
|
|
|
# As a Docker Label
|
|
|
|
|
whoami:
|
|
|
|
|
# A container that exposes an API to show its IP address
|
|
|
|
|
image: traefik/whoami
|
|
|
|
|
labels:
|
2022-10-26 15:16:05 +00:00
|
|
|
# Create a middleware named `foo-ip-allowlist`
|
|
|
|
|
- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
|
|
|
|
# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
|
|
|
|
|
- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
|
2021-06-11 13:30:05 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```yaml tab="Kubernetes IngressRoute"
|
|
|
|
|
# As a Kubernetes Traefik IngressRoute
|
|
|
|
|
apiVersion: apiextensions.k8s.io/v1beta1
|
|
|
|
|
kind: CustomResourceDefinition
|
|
|
|
|
metadata:
|
2023-03-20 14:38:08 +00:00
|
|
|
name: middlewaretcps.traefik.io
|
2021-06-11 13:30:05 +00:00
|
|
|
spec:
|
2023-03-20 14:38:08 +00:00
|
|
|
group: traefik.io
|
2021-06-11 13:30:05 +00:00
|
|
|
version: v1alpha1
|
|
|
|
|
names:
|
|
|
|
|
kind: MiddlewareTCP
|
|
|
|
|
plural: middlewaretcps
|
|
|
|
|
singular: middlewaretcp
|
|
|
|
|
scope: Namespaced
|
|
|
|
|
|
|
|
|
|
---
|
2023-03-20 14:38:08 +00:00
|
|
|
apiVersion: traefik.io/v1alpha1
|
2022-02-07 14:22:07 +00:00
|
|
|
kind: MiddlewareTCP
|
2021-06-11 13:30:05 +00:00
|
|
|
metadata:
|
2022-10-26 15:16:05 +00:00
|
|
|
name: foo-ip-allowlist
|
2021-06-11 13:30:05 +00:00
|
|
|
spec:
|
2022-10-26 15:16:05 +00:00
|
|
|
ipAllowList:
|
2021-06-11 13:30:05 +00:00
|
|
|
sourcerange:
|
|
|
|
|
- 127.0.0.1/32
|
|
|
|
|
- 192.168.1.7
|
|
|
|
|
|
|
|
|
|
---
|
2023-03-20 14:38:08 +00:00
|
|
|
apiVersion: traefik.io/v1alpha1
|
2022-02-07 14:22:07 +00:00
|
|
|
kind: IngressRouteTCP
|
2021-06-11 13:30:05 +00:00
|
|
|
metadata:
|
|
|
|
|
name: ingressroute
|
|
|
|
|
spec:
|
|
|
|
|
# more fields...
|
|
|
|
|
routes:
|
|
|
|
|
# more fields...
|
|
|
|
|
middlewares:
|
2022-10-26 15:16:05 +00:00
|
|
|
- name: foo-ip-allowlist
|
2021-06-11 13:30:05 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```yaml tab="Consul Catalog"
|
2022-10-26 15:16:05 +00:00
|
|
|
# Create a middleware named `foo-ip-allowlist`
|
|
|
|
|
- "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
|
|
|
|
# Apply the middleware named `foo-ip-allowlist` to the router named `router1`
|
|
|
|
|
- "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
|
2021-06-11 13:30:05 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```toml tab="File (TOML)"
|
|
|
|
|
# As TOML Configuration File
|
|
|
|
|
[tcp.routers]
|
|
|
|
|
[tcp.routers.router1]
|
|
|
|
|
service = "myService"
|
2022-10-26 15:16:05 +00:00
|
|
|
middlewares = ["foo-ip-allowlist"]
|
2021-06-11 13:30:05 +00:00
|
|
|
rule = "Host(`example.com`)"
|
|
|
|
|
|
|
|
|
|
[tcp.middlewares]
|
2022-10-26 15:16:05 +00:00
|
|
|
[tcp.middlewares.foo-ip-allowlist.ipAllowList]
|
2021-06-11 13:30:05 +00:00
|
|
|
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
|
|
|
|
|
|
|
|
|
[tcp.services]
|
|
|
|
|
[tcp.services.service1]
|
|
|
|
|
[tcp.services.service1.loadBalancer]
|
|
|
|
|
[[tcp.services.service1.loadBalancer.servers]]
|
|
|
|
|
address = "10.0.0.10:4000"
|
|
|
|
|
[[tcp.services.service1.loadBalancer.servers]]
|
|
|
|
|
address = "10.0.0.11:4000"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```yaml tab="File (YAML)"
|
|
|
|
|
# As YAML Configuration File
|
|
|
|
|
tcp:
|
|
|
|
|
routers:
|
|
|
|
|
router1:
|
|
|
|
|
service: myService
|
|
|
|
|
middlewares:
|
2022-10-26 15:16:05 +00:00
|
|
|
- "foo-ip-allowlist"
|
2021-06-11 13:30:05 +00:00
|
|
|
rule: "Host(`example.com`)"
|
|
|
|
|
|
|
|
|
|
middlewares:
|
2022-10-26 15:16:05 +00:00
|
|
|
foo-ip-allowlist:
|
|
|
|
|
ipAllowList:
|
2021-06-11 13:30:05 +00:00
|
|
|
sourceRange:
|
|
|
|
|
- "127.0.0.1/32"
|
|
|
|
|
- "192.168.1.7"
|
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
service1:
|
|
|
|
|
loadBalancer:
|
|
|
|
|
servers:
|
|
|
|
|
- address: "10.0.0.10:4000"
|
|
|
|
|
- address: "10.0.0.11:4000"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Available TCP Middlewares
|
|
|
|
|
|
|
|
|
|
| Middleware | Purpose | Area |
|
|
|
|
|
|-------------------------------------------|---------------------------------------------------|-----------------------------|
|
2021-11-29 16:12:06 +00:00
|
|
|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
|
2022-10-26 15:16:05 +00:00
|
|
|
| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
|
