Update the middleware documentation

This commit is contained in:
Jean-Baptiste Doumenjou 2019-04-08 17:14:08 +02:00 committed by Traefiker Bot
parent 6ab991ebf4
commit 2e20394af4
24 changed files with 488 additions and 70 deletions

View file

@ -58,7 +58,7 @@ PRE_TARGET= make test-unit
### Method 2: Using `go` ### Method 2: Using `go`
You need `go` v1.9+. You need `go` v1.12+.
!!! tip "Source Directory" !!! tip "Source Directory"

View file

@ -5,7 +5,8 @@ Everything You Need to Know
## Edge Router ## Edge Router
Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request: it knows all the logic and every rule that determine which services handle which requests (based on the [path](../../routing/routers/#rule), the [host](../../routing/routers/#rule), [headers](../../routing/routers/#rule), [and so on](../../routing/routers/#rule) ...). Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...).
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png) ![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
@ -18,7 +19,7 @@ Deploying your services, you attach information that tell Traefik the characteri
![Decentralized Configuration](../assets/img/traefik-concepts-2.png) ![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time. It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
The opposite is true: when you remove a service from your infrastructure, the route will disapear accordingly. The opposite is true: when you remove a service from your infrastructure, the route will disappear accordingly.
You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules. You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.

View file

@ -330,7 +330,7 @@ storage = "traefik/acme/account"
Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved. Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved.
For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul. For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul.
## Fallbacks ## Fallback
If Let's Encrypt is not reachable, the following certificates will apply: If Let's Encrypt is not reachable, the following certificates will apply:

View file

@ -26,6 +26,12 @@ spec:
prefix: /foo prefix: /foo
``` ```
```yaml tab="Rancher"
# Prefixing with /foo
labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
```
```toml tab="File" ```toml tab="File"
# Prefixing with /foo # Prefixing with /foo
[http.middlewares] [http.middlewares]

View file

@ -28,6 +28,12 @@ spec:
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0 - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
``` ```
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File" ```toml tab="File"
# Declaring the user list # Declaring the user list
[http.middlewares] [http.middlewares]

View file

@ -30,6 +30,12 @@ spec:
maxRequestBodyBytes: 250000 maxRequestBodyBytes: 250000
``` ```
```yaml tab="Rancher"
# Sets the maximum request body to 2Mb
labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000"
```
```toml tab="File" ```toml tab="File"
# Sets the maximum request body to 2Mb # Sets the maximum request body to 2Mb
[http.middlewares] [http.middlewares]

View file

@ -83,6 +83,18 @@ spec:
- 127.0.0.1/32 - 127.0.0.1/32
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
```toml tab="File" ```toml tab="File"
# ... # ...
[http.routers] [http.routers]

View file

@ -40,6 +40,12 @@ spec:
expression: LatencyAtQuantileMS(50.0) > 100 expression: LatencyAtQuantileMS(50.0) > 100
``` ```
```yaml tab="Rancher"
# Latency Check
labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File" ```toml tab="File"
# Latency Check # Latency Check
[http.middlewares] [http.middlewares]

View file

@ -15,6 +15,12 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```yaml tab="Rancher"
# Enable gzip compression
labels:
- "traefik.http.middlewares.test-compress.compress=true"
```
```toml tab="File" ```toml tab="File"
# Enable gzip compression # Enable gzip compression
[http.middlewares] [http.middlewares]

View file

@ -27,6 +27,11 @@ spec:
- test2:traefik:518845800f9e2bfb1f1f740ec24f074e - test2:traefik:518845800f9e2bfb1f1f740ec24f074e
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File" ```toml tab="File"
[http.middlewares] [http.middlewares]
[http.middlewares.test-auth.digestAuth] [http.middlewares.test-auth.digestAuth]
@ -93,6 +98,11 @@ spec:
headerField: X-WebAuth-User headerField: X-WebAuth-User
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```
```toml tab="File" ```toml tab="File"
[http.middlewares.my-auth.digestAuth] [http.middlewares.my-auth.digestAuth]
# ... # ...

View file

@ -33,6 +33,14 @@ spec:
query: /{status}.html query: /{status}.html
``` ```
```yaml tab="Rancher"
# Dynamic Custom Error Page for 5XX Status Code
labels:
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
```
```toml tab="File" ```toml tab="File"
# Custom Error Page for 5XX # Custom Error Page for 5XX
[http.middlewares] [http.middlewares]

View file

@ -43,6 +43,19 @@ spec:
key: path/to/foo.key key: path/to/foo.key
``` ```
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
```
```toml tab="File" ```toml tab="File"
# Forward authentication to authserver.com # Forward authentication to authserver.com
[http.middlewares] [http.middlewares]

View file

@ -32,6 +32,12 @@ spec:
X-Custom-Response-Header: "True" X-Custom-Response-Header: "True"
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
```
```toml tab="File" ```toml tab="File"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
@ -62,6 +68,12 @@ spec:
X-Custom-Response-Header: "" # Removes X-Custom-Response-Header: "" # Removes
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
```
```toml tab="File" ```toml tab="File"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
@ -94,6 +106,12 @@ spec:
SSLRedirect: "true" SSLRedirect: "true"
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
```
```toml tab="File" ```toml tab="File"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
@ -130,6 +148,14 @@ spec:
AddVaryHeader: "true" AddVaryHeader: "true"
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
```
```toml tab="File" ```toml tab="File"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]

View file

@ -27,6 +27,12 @@ spec:
- 192.168.1.7 - 192.168.1.7
``` ```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File" ```toml tab="File"
# Accepts request from defined IP # Accepts request from defined IP
[http.middlewares] [http.middlewares]
@ -82,6 +88,13 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
depth: 2 depth: 2
``` ```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```toml tab="File" ```toml tab="File"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares] [http.middlewares]
@ -133,6 +146,12 @@ spec:
- 192.168.1.7 - 192.168.1.7
``` ```
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File" ```toml tab="File"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]

View file

@ -25,6 +25,12 @@ spec:
prefix: /bar prefix: /bar
``` ```
```yaml tab="Rancher"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
```
```toml tab="File" ```toml tab="File"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
[http.middlewares] [http.middlewares]

View file

@ -1,4 +1,4 @@
# TODO - PassTLSClientCert # PassTLSClientCert
Adding Client Certificates in a Header Adding Client Certificates in a Header
{: .subtitle } {: .subtitle }
@ -27,6 +27,12 @@ spec:
pem: true pem: true
``` ```
```yaml tab="Rancher"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
```
```toml tab="File" ```toml tab="File"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares] [http.middlewares]
@ -88,6 +94,28 @@ spec:
domainComponent: true domainComponent: true
``` ```
```yaml tab="Rancher"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```toml tab="File" ```toml tab="File"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares] [http.middlewares]
@ -120,8 +148,8 @@ spec:
PassTLSClientCert can add two headers to the request: PassTLSClientCert can add two headers to the request:
* `X-Forwarded-Tls-Client-Cert` that contains the escaped pem. - `X-Forwarded-Tls-Client-Cert` that contains the escaped pem.
* `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string. - `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string.
!!! note !!! note
The headers are filled with escaped string so it can be safely placed inside a URL query. The headers are filled with escaped string so it can be safely placed inside a URL query.
@ -235,6 +263,7 @@ In the following example, you can see a complete certificate. We will use each p
### `pem` ### `pem`
The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escape certificate. The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escape certificate.
In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters : In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters :
??? example "The data used by the pem option" ??? example "The data used by the pem option"
@ -283,10 +312,16 @@ In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----E
The delimiters and `\n` will be removed. The delimiters and `\n` will be removed.
If there are more than one certificate, they are separated by a "`;`". If there are more than one certificate, they are separated by a "`;`".
!!! note "`X-Forwarded-Tls-Client-Cert` value could exceed the web server header size limit"
The header size limit of web servers is commonly between 4kb and 8kb.
You could change the server configuration to allow bigger header or use the `info` option with the needed field(s).
### `info` ### `info`
The `info` option select the specific client certificate details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. The `info` option select the specific client certificate details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
The value of the header will be an escaped concatenation of all the selected certificate details. The value of the header will be an escaped concatenation of all the selected certificate details.
The following example shows an unescaped result that uses all the available fields: The following example shows an unescaped result that uses all the available fields:
```text ```text
@ -300,6 +335,7 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
#### `info.notafter` #### `info.notafter`
Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part. Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
The data are taken from the following certificate part: The data are taken from the following certificate part:
```text ```text
@ -333,6 +369,7 @@ NB=1544094616
#### `info.sans` #### `info.sans`
Set the `info.sans` option to `true` to add the `Subject Alternative Name` information from the `Subject Alternative Name` part. Set the `info.sans` option to `true` to add the `Subject Alternative Name` information from the `Subject Alternative Name` part.
The data are taken from the following certificate part: The data are taken from the following certificate part:
```text ```text

View file

@ -1,4 +1,4 @@
# TODO -- RateLimit # RateLimit
Protection from Too Many Calls Protection from Too Many Calls
{: .subtitle } {: .subtitle }
@ -9,38 +9,71 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
## Configuration Example ## Configuration Example
??? example "Limit to 100 requests every 10 seconds (with a possible burst of 200)" ```yaml tab="Docker"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
```toml
[http.middlewares]
[http.middlewares.fair-ratelimit.ratelimit]
extractorfunc = "client.ip"
[http.middlewares.fair-ratelimit.ratelimit.rateset1]
period = "10s"
average = 100
burst = 200
``` ```
??? example "Combine multiple limits" ```yaml tab="Kubernetes"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
```toml # These can "burst" up to 10 and 200 in each period, respectively.
[http.middlewares] apiVersion: traefik.containo.us/v1alpha1
[http.middlewares.fair-ratelimit.ratelimit] kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
extractorfunc = "client.ip" extractorfunc = "client.ip"
rate0:
[http.middlewares.fair-ratelimit.ratelimit.rateset1]
period = "10s" period = "10s"
average = 100 average = 100
burst = 200 burst = 200
rate1:
[http.middlewares.fair-ratelimit.ratelimit.rateset2]
period = "3s" period = "3s"
average = 5 average = 5
burst = 10 burst = 10
``` ```
Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can "burst" up to 10 and 200 in each period, respectively. ```yaml tab="Rancher"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
```
```toml tab="File"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
[http.middlewares]
[http.middlewares.test-ratelimit.ratelimit]
extractorfunc = "client.ip"
[http.middlewares.test-ratelimit.ratelimit.rate0]
period = "10s"
average = 100
burst = 200
[http.middlewares.test-ratelimit.ratelimit.rate1]
period = "3s"
average = 5
burst = 10
```
## Configuration Options ## Configuration Options
@ -54,7 +87,7 @@ The possible values are:
- `client.ip` categorizes requests based on the client ip. - `client.ip` categorizes requests based on the client ip.
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value. - `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
### `ratelimit` (multiple values) ### `ratelimit`
You can combine multiple rate limits. You can combine multiple rate limits.
The rate limit will trigger with the first reached limit. The rate limit will trigger with the first reached limit.

View file

@ -1,4 +1,4 @@
# TODO - RedirectRegex # RedirectRegex
Redirecting the Client to a Different Location Redirecting the Client to a Different Location
{: .subtitle } {: .subtitle }
@ -28,6 +28,13 @@ spec:
replacement: http://mydomain/$1 replacement: http://mydomain/$1
``` ```
```yaml tab="Rancher"
# Redirect with domain replacement
labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1"
```
```toml tab="File" ```toml tab="File"
# Redirect with domain replacement # Redirect with domain replacement
[http.middlewares] [http.middlewares]
@ -44,7 +51,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
### `regex` ### `regex`
The `Regex` option is the regular expression to match and capture elements form the request URL. The `Regex` option is the regular expression to match and capture elements from the request URL.
!!! warning !!! warning

View file

@ -1,4 +1,4 @@
# TODO - RedirectScheme # RedirectScheme
Redirecting the Client to a Different Scheme/Port Redirecting the Client to a Different Scheme/Port
{: .subtitle } {: .subtitle }
@ -26,6 +26,12 @@ spec:
scheme: https scheme: https
``` ```
```yaml tab="Rancher"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
```
```toml tab="File" ```toml tab="File"
# Redirect to https # Redirect to https
[http.middlewares] [http.middlewares]

View file

@ -1,4 +1,4 @@
# TODO -- ReplacePath # ReplacePath
Updating the Path Before Forwarding the Request Updating the Path Before Forwarding the Request
{: .subtitle } {: .subtitle }
@ -26,6 +26,12 @@ spec:
path: /foo path: /foo
``` ```
```yaml tab="Rancher"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
```
```toml tab="File" ```toml tab="File"
# Replace the path by /foo # Replace the path by /foo
[http.middlewares] [http.middlewares]
@ -39,8 +45,8 @@ spec:
The ReplacePath middleware will: The ReplacePath middleware will:
* replace the actual path by the specified one. - replace the actual path by the specified one.
* store the original path in a `X-Replaced-Path` header. - store the original path in a `X-Replaced-Path` header.
### `path` ### `path`

View file

@ -1,4 +1,69 @@
# TODO -- ReplacePathRegex # ReplacePathRegex
Updating the Path Before Forwarding the Request (Using a Regex) Updating the Path Before Forwarding the Request (Using a Regex)
{: .subtitle } {: .subtitle }
`TODO: add schema`
The ReplaceRegex replace a path from an url to another with regex matching and replacement.
## Configuration Examples
```yaml tab="Docker"
# Replace path with regex
labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```yaml tab="Kubernetes"
# Replace path with regex
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-replacepathregex
spec:
replacePathRegex:
regex: ^/foo/(.*)
replacement: /bar/$1
```
```yaml tab="Rancher"
# Replace path with regex
labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```toml tab="File"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
## Configuration Options
### General
The ReplacePathRegex middleware will:
- replace the matching path by the specified one.
- store the original path in a `X-Replaced-Path` header.
### `regex`
The `Regex` option is the regular expression to match and capture the path from the request URL.
!!! warning
Care should be taken when defining replacement expand variables: `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax.
!!! tip
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
### `replacement`
The `replacement` option defines how to modify the path to have the new target path.

View file

@ -1,20 +1,48 @@
# TODO -- Retry # Retry
Retrying until it Succeeds Retrying until it Succeeds
{: .subtitle } {: .subtitle }
## Old Content `TODO: add schema`
## Retry Configuration Retry to send request on attempt failure.
```toml ## Configuration Examples
# Enable retry sending request if network error
[retry]
# Number of attempts ```yaml tab="Docker"
# # Retry to send request 4 times
# Optional labels:
# Default: (number servers in backend) -1 - "traefik.http.middlewares.test-retry.retry.attempts=4"
#
# attempts = 3
``` ```
```yaml tab="Kubernetes"
# Retry to send request 4 times
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-retry
spec:
retry:
attempts: 4
```
```yaml tab="Rancher"
# Retry to send request 4 times
labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4"
```
```toml tab="File"
# Retry to send request 4 times
[http.middlewares]
[http.middlewares.test-retry.Retry]
attempts = 4
```
## Configuration Options
### `attempts`
_mandatory_
The `attempts` option defines how many times to try sending the request.

View file

@ -1,13 +1,66 @@
# TODO -- StripPrefix # StripPrefix
Removing Prefixes From the Path Before Forwarding the Request Removing Prefixes From the Path Before Forwarding the Request
{: .subtitle } {: .subtitle }
## OldContent `TODO: add schema`
Remove the specified prefixes from the URL path.
## Configuration Examples
```yaml tab="Docker"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
```
```yaml tab="Kubernetes"
# Replace the path by /foo
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-stripprefix
spec:
StripPrefix:
prefixes: "foobar, fiibar"
```
```yaml tab="Rancher"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
```
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-stripprefix.StripPrefix]
prefixes: "foobar, fiibar"
```
## Configuration Options
### General
The StripPrefix middleware will:
- strip the matching path prefix.
- store the matching path prefix in a `X-Forwarded-Prefix` header.
!!! tip
Use a `StripPrefix` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
### `prefixes`
The `prefixes` option defines the prefixes to strip from the request URL.
For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically.

View file

@ -1,13 +1,71 @@
# TODO -- StripPrefix # StripPrefix
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex) Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
{: .subtitle } {: .subtitle }
## OldContent `TODO: add schema`
Remove the matching prefixes from the URL path.
## Configuration Examples
```yaml tab="Docker"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
```
```yaml tab="Kubernetes"
# Replace the path by /foo
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-stripprefixregex
spec:
StripPrefixRegex:
regex: "^/foo/(.*)"
```
```yaml tab="Rancher"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
```
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-stripprefixregex.StripPrefixRegex]
regex: "^/foo/(.*)"
```
## Configuration Options
### General
The StripPrefixRegex middleware will:
- strip the matching path prefix.
- store the matching path prefix in a `X-Forwarded-Prefix` header.
!!! tip
Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
### `regex`
The `regex` option is the regular expression to match the path prefix from the request URL.
!!! tip
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically.