doc: adds an explanation of the global redirection pattern.
This commit is contained in:
parent
8d467ddd61
commit
6c4d7fd377
2 changed files with 209 additions and 41 deletions
|
@ -72,7 +72,7 @@ helm install ./traefik-helm-chart
|
||||||
{: #helm-custom-values }
|
{: #helm-custom-values }
|
||||||
|
|
||||||
The values are not (yet) documented, but are self-explanatory:
|
The values are not (yet) documented, but are self-explanatory:
|
||||||
you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/values.yaml) file to explore possibilities.
|
you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
|
||||||
|
|
||||||
Example of installation with logging set to `DEBUG`:
|
Example of installation with logging set to `DEBUG`:
|
||||||
|
|
||||||
|
|
|
@ -184,7 +184,7 @@ Then any router can refer to an instance of the wanted middleware.
|
||||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||||
```
|
```
|
||||||
|
|
||||||
## TLS Configuration Is Now Dynamic, per Router.
|
## TLS Configuration is Now Dynamic, per Router.
|
||||||
|
|
||||||
TLS parameters used to be specified in the static configuration, as an entryPoint field.
|
TLS parameters used to be specified in the static configuration, as an entryPoint field.
|
||||||
With Traefik v2, a new dynamic TLS section at the root contains all the desired TLS configurations.
|
With Traefik v2, a new dynamic TLS section at the root contains all the desired TLS configurations.
|
||||||
|
@ -209,7 +209,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
||||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
]
|
]
|
||||||
[[entryPoints.web-secure.tls.certificates]]
|
[[entryPoints.web-secure.tls.certificates]]
|
||||||
certFile = "path/to/my.cert"
|
certFile = "path/to/my.cert"
|
||||||
keyFile = "path/to/my.key"
|
keyFile = "path/to/my.key"
|
||||||
|
@ -242,13 +242,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
[tls.options.myTLSOptions]
|
[tls.options.myTLSOptions]
|
||||||
minVersion = "VersionTLS13"
|
minVersion = "VersionTLS13"
|
||||||
cipherSuites = [
|
cipherSuites = [
|
||||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
|
||||||
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
|
||||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
||||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
```yaml tab="File (YAML)"
|
||||||
|
@ -322,50 +322,216 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
- "traefik.http.routers.router0.tls.options=myTLSOptions@file"
|
- "traefik.http.routers.router0.tls.options=myTLSOptions@file"
|
||||||
```
|
```
|
||||||
|
|
||||||
## HTTP to HTTPS Redirection Is Now Configured on Routers
|
## HTTP to HTTPS Redirection is Now Configured on Routers
|
||||||
|
|
||||||
Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
|
Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
|
||||||
With Traefik v2 it is applied on a [Router](../routing/routers/index.md).
|
With Traefik v2 it is applied on a [Router](../routing/routers/index.md).
|
||||||
|
|
||||||
To apply a redirection, one of the redirect middlewares, [RedirectRegex](../middlewares/redirectregex.md) or [RedirectScheme](../middlewares/redirectscheme.md), has to be configured and added to the router middlewares list.
|
To apply a redirection, one of the redirect middlewares, [RedirectRegex](../middlewares/redirectregex.md) or [RedirectScheme](../middlewares/redirectscheme.md), has to be configured and added to the router middlewares list.
|
||||||
|
|
||||||
!!! example "HTTP to HTTPS redirection"
|
!!! example "Global HTTP to HTTPS redirection"
|
||||||
|
|
||||||
!!! info "v1"
|
!!! info "v1"
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
# static configuration
|
# static configuration
|
||||||
defaultEntryPoints = ["http", "https"]
|
defaultEntryPoints = ["web", "websecure"]
|
||||||
|
|
||||||
[entryPoints]
|
[entryPoints]
|
||||||
[entryPoints.http]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
[entryPoints.http.redirect]
|
[entryPoints.web.redirect]
|
||||||
entryPoint = "https"
|
entryPoint = "websecure"
|
||||||
|
|
||||||
[entryPoints.https]
|
[entryPoints.websecure]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
[entryPoints.https.tls]
|
[entryPoints.websecure.tls]
|
||||||
[[entryPoints.https.tls.certificates]]
|
```
|
||||||
|
|
||||||
|
```bash tab="CLI"
|
||||||
|
--entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
|
||||||
|
--entryPoints='Name:websecure Address::443 TLS'
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! info "v2"
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
# ...
|
||||||
|
traefik:
|
||||||
|
image: traefik:v2.1
|
||||||
|
command:
|
||||||
|
- --entrypoints.web.address=:80
|
||||||
|
- --entrypoints.websecure.address=:443
|
||||||
|
- --providers.docker=true
|
||||||
|
ports:
|
||||||
|
- 80:80
|
||||||
|
- 443:443
|
||||||
|
labels:
|
||||||
|
traefik.http.routers.http_catchall.rule: HostRegexp(`{any:.+}`)
|
||||||
|
traefik.http.routers.http_catchall.entrypoints: web
|
||||||
|
traefik.http.routers.http_catchall.middlewares: https_redirect
|
||||||
|
traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
|
||||||
|
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="K8s IngressRoute"
|
||||||
|
# The entry points web (port 80) and websecure (port 443) must be defined the static configuration.
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: http_catchall
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- web
|
||||||
|
routes:
|
||||||
|
- match: HostRegexp(`{any:.+}`)
|
||||||
|
kind: Rule
|
||||||
|
services:
|
||||||
|
# any service in the namespace
|
||||||
|
# the service will be never called
|
||||||
|
- name: noop
|
||||||
|
port: 80
|
||||||
|
middlewares:
|
||||||
|
- name: https_redirect
|
||||||
|
# if the Middleware has distinct namespace
|
||||||
|
namespace: traefik
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: https_redirect
|
||||||
|
namespace: traefik
|
||||||
|
spec:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File (TOML)"
|
||||||
|
# traefik.toml
|
||||||
|
## static configuration
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
|
address = 80
|
||||||
|
[entryPoints.websecure]
|
||||||
|
address = 443
|
||||||
|
|
||||||
|
[providers.file]
|
||||||
|
directory = "/dynamic/"
|
||||||
|
|
||||||
|
##--------------------##
|
||||||
|
|
||||||
|
# /dynamic/redirect.toml
|
||||||
|
## dynamic configuration
|
||||||
|
|
||||||
|
[http.routers]
|
||||||
|
[http.routers.http_catchall]
|
||||||
|
entryPoints = ["web"]
|
||||||
|
middlewares = ["https_redirect"]
|
||||||
|
rule = "HostRegexp(`{any:.+}`)"
|
||||||
|
service = "noop"
|
||||||
|
|
||||||
|
[http.services]
|
||||||
|
# noop service, the URL will be never called
|
||||||
|
[http.services.noop.loadBalancer]
|
||||||
|
[[http.services.noop.loadBalancer.servers]]
|
||||||
|
url = "http://192.168.0.1:1337"
|
||||||
|
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.https_redirect.redirectScheme]
|
||||||
|
scheme = "https"
|
||||||
|
permanent = true
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="File (YAML)"
|
||||||
|
# traefik.yaml
|
||||||
|
## static configuration
|
||||||
|
|
||||||
|
entryPoints:
|
||||||
|
web:
|
||||||
|
address: 80
|
||||||
|
websecure:
|
||||||
|
address: 443
|
||||||
|
|
||||||
|
providers:
|
||||||
|
file:
|
||||||
|
directory: /dynamic/
|
||||||
|
|
||||||
|
##--------------------##
|
||||||
|
|
||||||
|
# /dynamic/redirect.yml
|
||||||
|
## dynamic configuration
|
||||||
|
|
||||||
|
http:
|
||||||
|
routers:
|
||||||
|
http_catchall:
|
||||||
|
entryPoints:
|
||||||
|
- web
|
||||||
|
middlewares:
|
||||||
|
- https_redirect
|
||||||
|
rule: "HostRegexp(`{any:.+}`)"
|
||||||
|
service: noop
|
||||||
|
|
||||||
|
services:
|
||||||
|
# noop service, the URL will be never called
|
||||||
|
noop:
|
||||||
|
loadBalancer:
|
||||||
|
servers:
|
||||||
|
- url: http://192.168.0.1:1337
|
||||||
|
|
||||||
|
middlewares:
|
||||||
|
https_redirect:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! example "HTTP to HTTPS redirection per domain"
|
||||||
|
|
||||||
|
!!! info "v1"
|
||||||
|
|
||||||
|
```toml tab="File (TOML)"
|
||||||
|
# static configuration
|
||||||
|
defaultEntryPoints = ["web", "websecure"]
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
|
address = ":80"
|
||||||
|
[entryPoints.web.redirect]
|
||||||
|
entryPoint = "websecure"
|
||||||
|
|
||||||
|
[entryPoints.websecure]
|
||||||
|
address = ":443"
|
||||||
|
[entryPoints.websecure.tls]
|
||||||
|
[[entryPoints.websecure.tls.certificates]]
|
||||||
certFile = "examples/traefik.crt"
|
certFile = "examples/traefik.crt"
|
||||||
keyFile = "examples/traefik.key"
|
keyFile = "examples/traefik.key"
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="CLI"
|
```bash tab="CLI"
|
||||||
--entrypoints=Name:web Address::80 Redirect.EntryPoint:web-secure
|
--entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
|
||||||
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key'
|
--entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key'
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! info "v2"
|
!!! info "v2"
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.web.rule=Host(`foo.com`)
|
traefik.http.routers.app.rule: Host(`foo.com`)
|
||||||
- traefik.http.routers.web.entrypoints=web
|
traefik.http.routers.app.entrypoints: web
|
||||||
- traefik.http.routers.web.middlewares=redirect@file
|
traefik.http.routers.app.middlewares: https_redirect
|
||||||
- traefik.http.routers.web-secured.rule=Host(`foo.com`)
|
|
||||||
- traefik.http.routers.web-secured.entrypoints=web-secure
|
traefik.http.routers.appsecured.rule: Host(`foo.com`)
|
||||||
- traefik.http.routers.web-secured.tls=true
|
traefik.http.routers.appsecured.entrypoints: websecure
|
||||||
|
traefik.http.routers.appsecured.tls: true
|
||||||
|
|
||||||
|
traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
|
||||||
|
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="K8s IngressRoute"
|
```yaml tab="K8s IngressRoute"
|
||||||
|
@ -384,7 +550,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
- name: whoami
|
- name: whoami
|
||||||
port: 80
|
port: 80
|
||||||
middlewares:
|
middlewares:
|
||||||
- name: redirect
|
- name: https_redirect
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
@ -394,7 +560,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web-secure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo`)
|
- match: Host(`foo`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
|
@ -407,11 +573,11 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: redirect
|
name: https_redirect
|
||||||
spec:
|
spec:
|
||||||
redirectScheme:
|
redirectScheme:
|
||||||
scheme: https
|
scheme: https
|
||||||
|
permanent: true
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
|
@ -421,7 +587,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
[entryPoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entryPoints.web-secure]
|
[entryPoints.websecure]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
|
|
||||||
##---------------------##
|
##---------------------##
|
||||||
|
@ -434,12 +600,12 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
rule = "Host(`foo.com`)"
|
rule = "Host(`foo.com`)"
|
||||||
service = "my-service"
|
service = "my-service"
|
||||||
entrypoints = ["web"]
|
entrypoints = ["web"]
|
||||||
middlewares = ["redirect"]
|
middlewares = ["https_redirect"]
|
||||||
|
|
||||||
[http.routers.router1]
|
[http.routers.router1]
|
||||||
rule = "Host(`foo.com`)"
|
rule = "Host(`foo.com`)"
|
||||||
service = "my-service"
|
service = "my-service"
|
||||||
entrypoints = ["web-secure"]
|
entrypoints = ["websecure"]
|
||||||
[http.routers.router1.tls]
|
[http.routers.router1.tls]
|
||||||
|
|
||||||
[http.services]
|
[http.services]
|
||||||
|
@ -449,8 +615,9 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
url = "http://10.10.10.2:80"
|
url = "http://10.10.10.2:80"
|
||||||
|
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.redirect.redirectScheme]
|
[http.middlewares.https_redirect.redirectScheme]
|
||||||
scheme = "https"
|
scheme = "https"
|
||||||
|
permanent = true
|
||||||
|
|
||||||
[[tls.certificates]]
|
[[tls.certificates]]
|
||||||
certFile = "/path/to/domain.cert"
|
certFile = "/path/to/domain.cert"
|
||||||
|
@ -465,7 +632,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
web:
|
web:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
|
|
||||||
web-secure:
|
websecure:
|
||||||
address: ":443"
|
address: ":443"
|
||||||
|
|
||||||
##---------------------##
|
##---------------------##
|
||||||
|
@ -480,13 +647,13 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
middlewares:
|
middlewares:
|
||||||
- redirect
|
- https_redirect
|
||||||
service: my-service
|
service: my-service
|
||||||
|
|
||||||
router1:
|
router1:
|
||||||
rule: "Host(`foo.com`)"
|
rule: "Host(`foo.com`)"
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web-secure
|
- websecure
|
||||||
service: my-service
|
service: my-service
|
||||||
tls: {}
|
tls: {}
|
||||||
|
|
||||||
|
@ -498,9 +665,10 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
- url: http://10.10.10.2:80
|
- url: http://10.10.10.2:80
|
||||||
|
|
||||||
middlewares:
|
middlewares:
|
||||||
redirect:
|
https_redirect:
|
||||||
redirectScheme:
|
redirectScheme:
|
||||||
scheme: https
|
scheme: https
|
||||||
|
permanent: true
|
||||||
|
|
||||||
tls:
|
tls:
|
||||||
certificates:
|
certificates:
|
||||||
|
@ -512,14 +680,14 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||||
|
|
||||||
With the new core notions of v2 (introduced earlier in the section
|
With the new core notions of v2 (introduced earlier in the section
|
||||||
["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
|
["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
|
||||||
transforming the URL path prefix of incoming requests is configured with [middlewares](../../middlewares/overview/),
|
transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
|
||||||
after the routing step with [router rule `PathPrefix`](https://docs.traefik.io/v2.0/routing/routers/#rule).
|
after the routing step with [router rule `PathPrefix`](https://docs.traefik.io/v2.0/routing/routers/#rule).
|
||||||
|
|
||||||
Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
|
Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
|
||||||
with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
|
with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
|
||||||
|
|
||||||
* First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
|
* First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
|
||||||
* Then, define a middleware of type [`stripprefix`](../../middlewares/stripprefix/), which remove the prefix `/admin`, associated to the router `admin`.
|
* Then, define a middleware of type [`stripprefix`](../middlewares/stripprefix.md), which removes the prefix `/admin`, associated to the router `admin`.
|
||||||
|
|
||||||
!!! example "Strip Path Prefix When Forwarding to Backend"
|
!!! example "Strip Path Prefix When Forwarding to Backend"
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue