Merge github.com:traefik/traefik
This commit is contained in:
commit
6d5fb61856
63 changed files with 45 additions and 988 deletions
|
@ -134,14 +134,6 @@ issues:
|
||||||
exclude:
|
exclude:
|
||||||
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
|
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
|
||||||
- "should have a package comment, unless it's in another file for this package"
|
- "should have a package comment, unless it's in another file for this package"
|
||||||
- 'SA1019: cfg.SSLRedirect is deprecated'
|
|
||||||
- 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
|
|
||||||
- 'SA1019: cfg.SSLHost is deprecated'
|
|
||||||
- 'SA1019: cfg.SSLForceHost is deprecated'
|
|
||||||
- 'SA1019: cfg.FeaturePolicy is deprecated'
|
|
||||||
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
|
|
||||||
- 'SA1019: c.Providers.Consul.Namespace is deprecated'
|
|
||||||
- 'SA1019: c.Providers.Nomad.Namespace is deprecated'
|
|
||||||
exclude-rules:
|
exclude-rules:
|
||||||
- path: '(.+)_test.go'
|
- path: '(.+)_test.go'
|
||||||
linters:
|
linters:
|
||||||
|
|
|
@ -27,16 +27,15 @@ func setupLogger(staticConfiguration *static.Configuration) {
|
||||||
// configure log level
|
// configure log level
|
||||||
logLevel := getLogLevel(staticConfiguration)
|
logLevel := getLogLevel(staticConfiguration)
|
||||||
|
|
||||||
zerolog.SetGlobalLevel(logLevel)
|
|
||||||
|
|
||||||
// create logger
|
// create logger
|
||||||
logCtx := zerolog.New(w).With().Timestamp()
|
logCtx := zerolog.New(w).With().Timestamp()
|
||||||
if logLevel <= zerolog.DebugLevel {
|
if logLevel <= zerolog.DebugLevel {
|
||||||
logCtx = logCtx.Caller()
|
logCtx = logCtx.Caller()
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Logger = logCtx.Logger()
|
log.Logger = logCtx.Logger().Level(logLevel)
|
||||||
zerolog.DefaultContextLogger = &log.Logger
|
zerolog.DefaultContextLogger = &log.Logger
|
||||||
|
zerolog.SetGlobalLevel(logLevel)
|
||||||
|
|
||||||
// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
|
// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
|
||||||
logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)
|
logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)
|
||||||
|
|
|
@ -204,10 +204,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if staticConfiguration.Pilot != nil {
|
|
||||||
log.Warn().Msg("Traefik Pilot has been removed.")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Plugins
|
// Plugins
|
||||||
|
|
||||||
pluginBuilder, err := createPluginBuilder(staticConfiguration)
|
pluginBuilder, err := createPluginBuilder(staticConfiguration)
|
||||||
|
|
|
@ -2,33 +2,4 @@
|
||||||
|
|
||||||
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
|
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
|
||||||
|
|
||||||
| Feature | Deprecated | End of Support | Removal |
|
There is no feature deprecation in Traefik v3 for now.
|
||||||
|-------------------------------------------------------------|------------|----------------|---------|
|
|
||||||
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
|
|
||||||
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
|
|
||||||
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
|
|
||||||
| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 |
|
|
||||||
|
|
||||||
## Impact
|
|
||||||
|
|
||||||
### Pilot
|
|
||||||
|
|
||||||
Metrics will continue to function normally up to 2.8, when they will be disabled.
|
|
||||||
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
|
|
||||||
|
|
||||||
Starting on 2.7 the pilot token will not be a requirement anymore for plugins.
|
|
||||||
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from Pilot.
|
|
||||||
|
|
||||||
### Consul Enterprise Namespace
|
|
||||||
|
|
||||||
Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated,
|
|
||||||
please use the `namespaces` options instead.
|
|
||||||
|
|
||||||
### TLS 1.0 and 1.1
|
|
||||||
|
|
||||||
Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration.
|
|
||||||
|
|
||||||
### Nomad Namespace
|
|
||||||
|
|
||||||
Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
|
|
||||||
please use the `namespaces` options instead.
|
|
||||||
|
|
|
@ -364,43 +364,11 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
|
||||||
|
|
||||||
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
||||||
|
|
||||||
### `sslRedirect`
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
|
||||||
|
|
||||||
The `sslRedirect` only allow HTTPS requests when set to `true`.
|
|
||||||
|
|
||||||
### `sslTemporaryRedirect`
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
|
||||||
|
|
||||||
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
|
|
||||||
|
|
||||||
### `sslHost`
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
|
||||||
|
|
||||||
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
|
|
||||||
|
|
||||||
### `sslProxyHeaders`
|
### `sslProxyHeaders`
|
||||||
|
|
||||||
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
|
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
|
||||||
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
|
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
|
||||||
|
|
||||||
### `sslForceHost`
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
|
||||||
|
|
||||||
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
|
|
||||||
|
|
||||||
### `stsSeconds`
|
### `stsSeconds`
|
||||||
|
|
||||||
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
|
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
|
||||||
|
@ -452,14 +420,6 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
|
||||||
|
|
||||||
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
|
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
|
||||||
|
|
||||||
### `featurePolicy`
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
Deprecated in favor of `permissionsPolicy`
|
|
||||||
|
|
||||||
The `featurePolicy` allows sites to control browser features.
|
|
||||||
|
|
||||||
### `permissionsPolicy`
|
### `permissionsPolicy`
|
||||||
|
|
||||||
The `permissionsPolicy` allows sites to control browser features.
|
The `permissionsPolicy` allows sites to control browser features.
|
||||||
|
|
|
@ -88,85 +88,3 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
|
||||||
|
|
||||||
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
|
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
|
||||||
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
|
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
|
||||||
|
|
||||||
### `forceSlash`
|
|
||||||
|
|
||||||
_Optional, Default=true_
|
|
||||||
|
|
||||||
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
|
|
||||||
|
|
||||||
This option was added to keep the initial (non-intuitive) behavior of this middleware, in order to avoid introducing a breaking change.
|
|
||||||
|
|
||||||
It is recommended to explicitly set `forceSlash` to `false`.
|
|
||||||
|
|
||||||
??? info "Behavior examples"
|
|
||||||
|
|
||||||
- `forceSlash=true`
|
|
||||||
|
|
||||||
| Path | Prefix to strip | Result |
|
|
||||||
|------------|-----------------|--------|
|
|
||||||
| `/` | `/` | `/` |
|
|
||||||
| `/foo` | `/foo` | `/` |
|
|
||||||
| `/foo/` | `/foo` | `/` |
|
|
||||||
| `/foo/` | `/foo/` | `/` |
|
|
||||||
| `/bar` | `/foo` | `/bar` |
|
|
||||||
| `/foo/bar` | `/foo` | `/bar` |
|
|
||||||
|
|
||||||
- `forceSlash=false`
|
|
||||||
|
|
||||||
| Path | Prefix to strip | Result |
|
|
||||||
|------------|-----------------|--------|
|
|
||||||
| `/` | `/` | empty |
|
|
||||||
| `/foo` | `/foo` | empty |
|
|
||||||
| `/foo/` | `/foo` | `/` |
|
|
||||||
| `/foo/` | `/foo/` | empty |
|
|
||||||
| `/bar` | `/foo` | `/bar` |
|
|
||||||
| `/foo/bar` | `/foo` | `/bar` |
|
|
||||||
|
|
||||||
```yaml tab="Docker"
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
|
|
||||||
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
|
|
||||||
```
|
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: Middleware
|
|
||||||
metadata:
|
|
||||||
name: example
|
|
||||||
spec:
|
|
||||||
stripPrefix:
|
|
||||||
prefixes:
|
|
||||||
- "/foobar"
|
|
||||||
forceSlash: false
|
|
||||||
```
|
|
||||||
|
|
||||||
```json tab="Marathon"
|
|
||||||
"labels": {
|
|
||||||
"traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
|
|
||||||
"traefik.http.middlewares.example.stripprefix.forceSlash": "false"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
|
|
||||||
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
|
|
||||||
```
|
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
|
||||||
http:
|
|
||||||
middlewares:
|
|
||||||
example:
|
|
||||||
stripPrefix:
|
|
||||||
prefixes:
|
|
||||||
- "/foobar"
|
|
||||||
forceSlash: false
|
|
||||||
```
|
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
|
||||||
[http.middlewares]
|
|
||||||
[http.middlewares.example.stripPrefix]
|
|
||||||
prefixes = ["/foobar"]
|
|
||||||
forceSlash = false
|
|
||||||
```
|
|
||||||
|
|
|
@ -19,4 +19,14 @@ In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing
|
||||||
|
|
||||||
## gRPC Metrics
|
## gRPC Metrics
|
||||||
|
|
||||||
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
|
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
|
||||||
|
|
||||||
|
## Deprecated Options Removal
|
||||||
|
|
||||||
|
- The `pilot` option has been removed from the static configuration.
|
||||||
|
- The `tracing.datadog.globaltag` option has been removed.
|
||||||
|
- The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed.
|
||||||
|
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers.
|
||||||
|
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
|
||||||
|
- The `forceSlash` option of the StripPrefix middleware has been removed.
|
||||||
|
- the `preferServerCipherSuites` option has been removed.
|
||||||
|
|
|
@ -65,30 +65,6 @@ tracing:
|
||||||
--tracing.datadog.debug=true
|
--tracing.datadog.debug=true
|
||||||
```
|
```
|
||||||
|
|
||||||
#### `globalTag`
|
|
||||||
|
|
||||||
??? warning "Deprecated in favor of the [`globalTags`](#globaltags) option."
|
|
||||||
|
|
||||||
_Optional, Default=empty_
|
|
||||||
|
|
||||||
Applies a shared key:value tag on all spans.
|
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
|
||||||
tracing:
|
|
||||||
datadog:
|
|
||||||
globalTag: sample
|
|
||||||
```
|
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
|
||||||
[tracing]
|
|
||||||
[tracing.datadog]
|
|
||||||
globalTag = "sample"
|
|
||||||
```
|
|
||||||
|
|
||||||
```bash tab="CLI"
|
|
||||||
--tracing.datadog.globalTag=sample
|
|
||||||
```
|
|
||||||
|
|
||||||
#### `globalTags`
|
#### `globalTags`
|
||||||
|
|
||||||
_Optional, Default=empty_
|
_Optional, Default=empty_
|
||||||
|
|
|
@ -667,41 +667,6 @@ providers:
|
||||||
|
|
||||||
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||||||
|
|
||||||
### `namespace`
|
|
||||||
|
|
||||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
|
||||||
|
|
||||||
_Optional, Default=""_
|
|
||||||
|
|
||||||
The `namespace` option defines the namespace in which the consul catalog services will be discovered.
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
|
|
||||||
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
One should only define either the `namespaces` option or the `namespace` option.
|
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
|
||||||
providers:
|
|
||||||
consulCatalog:
|
|
||||||
namespace: "production"
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
|
||||||
[providers.consulCatalog]
|
|
||||||
namespace = "production"
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
```bash tab="CLI"
|
|
||||||
--providers.consulcatalog.namespace=production
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
### `namespaces`
|
### `namespaces`
|
||||||
|
|
||||||
_Optional, Default=""_
|
_Optional, Default=""_
|
||||||
|
|
|
@ -59,40 +59,6 @@ providers:
|
||||||
--providers.consul.rootkey=traefik
|
--providers.consul.rootkey=traefik
|
||||||
```
|
```
|
||||||
|
|
||||||
### `namespace`
|
|
||||||
|
|
||||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
|
||||||
|
|
||||||
_Optional, Default=""_
|
|
||||||
|
|
||||||
The `namespace` option defines the namespace to query.
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
|
|
||||||
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
One should only define either the `namespaces` option or the `namespace` option.
|
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
|
||||||
providers:
|
|
||||||
consul:
|
|
||||||
# ...
|
|
||||||
namespace: "production"
|
|
||||||
```
|
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
|
||||||
[providers.consul]
|
|
||||||
# ...
|
|
||||||
namespace = "production"
|
|
||||||
```
|
|
||||||
|
|
||||||
```bash tab="CLI"
|
|
||||||
--providers.consul.namespace=production
|
|
||||||
```
|
|
||||||
|
|
||||||
### `namespaces`
|
### `namespaces`
|
||||||
|
|
||||||
_Optional, Default=""_
|
_Optional, Default=""_
|
||||||
|
|
|
@ -440,36 +440,6 @@ providers:
|
||||||
|
|
||||||
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||||||
|
|
||||||
### `namespace`
|
|
||||||
|
|
||||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
|
||||||
|
|
||||||
_Optional, Default=""_
|
|
||||||
|
|
||||||
The `namespace` option defines the namespace in which the Nomad services will be discovered.
|
|
||||||
|
|
||||||
!!! warning
|
|
||||||
|
|
||||||
One should only define either the `namespaces` option or the `namespace` option.
|
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
|
||||||
providers:
|
|
||||||
nomad:
|
|
||||||
namespace: "production"
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
|
||||||
[providers.nomad]
|
|
||||||
namespace = "production"
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
```bash tab="CLI"
|
|
||||||
--providers.nomad.namespace=production
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
### `namespaces`
|
### `namespaces`
|
||||||
|
|
||||||
_Optional, Default=""_
|
_Optional, Default=""_
|
||||||
|
|
|
@ -31,7 +31,6 @@
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
|
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
|
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
|
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
|
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
|
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
|
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
|
||||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
|
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
|
||||||
|
@ -54,7 +53,6 @@
|
||||||
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
|
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
|
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
|
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
|
|
||||||
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
|
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
|
||||||
- "traefik.http.middlewares.middleware10.headers.framedeny=true"
|
- "traefik.http.middlewares.middleware10.headers.framedeny=true"
|
||||||
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
|
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
|
||||||
|
@ -62,12 +60,8 @@
|
||||||
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
|
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
|
- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
|
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
|
|
||||||
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
|
|
||||||
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
|
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
|
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
|
||||||
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
|
|
||||||
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
|
|
||||||
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
|
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
|
||||||
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
|
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
|
||||||
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
|
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
|
||||||
|
@ -118,7 +112,6 @@
|
||||||
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
|
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
|
||||||
- "traefik.http.middlewares.middleware20.retry.attempts=42"
|
- "traefik.http.middlewares.middleware20.retry.attempts=42"
|
||||||
- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
|
- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
|
||||||
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
|
|
||||||
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
|
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
|
||||||
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
|
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
|
||||||
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
|
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
|
||||||
|
|
|
@ -159,7 +159,6 @@
|
||||||
authRequestHeaders = ["foobar", "foobar"]
|
authRequestHeaders = ["foobar", "foobar"]
|
||||||
[http.middlewares.Middleware09.forwardAuth.tls]
|
[http.middlewares.Middleware09.forwardAuth.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -175,10 +174,6 @@
|
||||||
addVaryHeader = true
|
addVaryHeader = true
|
||||||
allowedHosts = ["foobar", "foobar"]
|
allowedHosts = ["foobar", "foobar"]
|
||||||
hostsProxyHeaders = ["foobar", "foobar"]
|
hostsProxyHeaders = ["foobar", "foobar"]
|
||||||
sslRedirect = true
|
|
||||||
sslTemporaryRedirect = true
|
|
||||||
sslHost = "foobar"
|
|
||||||
sslForceHost = true
|
|
||||||
stsSeconds = 42
|
stsSeconds = 42
|
||||||
stsIncludeSubdomains = true
|
stsIncludeSubdomains = true
|
||||||
stsPreload = true
|
stsPreload = true
|
||||||
|
@ -191,7 +186,6 @@
|
||||||
contentSecurityPolicy = "foobar"
|
contentSecurityPolicy = "foobar"
|
||||||
publicKey = "foobar"
|
publicKey = "foobar"
|
||||||
referrerPolicy = "foobar"
|
referrerPolicy = "foobar"
|
||||||
featurePolicy = "foobar"
|
|
||||||
permissionsPolicy = "foobar"
|
permissionsPolicy = "foobar"
|
||||||
isDevelopment = true
|
isDevelopment = true
|
||||||
[http.middlewares.Middleware10.headers.customRequestHeaders]
|
[http.middlewares.Middleware10.headers.customRequestHeaders]
|
||||||
|
@ -282,7 +276,6 @@
|
||||||
[http.middlewares.Middleware21]
|
[http.middlewares.Middleware21]
|
||||||
[http.middlewares.Middleware21.stripPrefix]
|
[http.middlewares.Middleware21.stripPrefix]
|
||||||
prefixes = ["foobar", "foobar"]
|
prefixes = ["foobar", "foobar"]
|
||||||
forceSlash = true
|
|
||||||
[http.middlewares.Middleware22]
|
[http.middlewares.Middleware22]
|
||||||
[http.middlewares.Middleware22.stripPrefixRegex]
|
[http.middlewares.Middleware22.stripPrefixRegex]
|
||||||
regex = ["foobar", "foobar"]
|
regex = ["foobar", "foobar"]
|
||||||
|
@ -458,7 +451,6 @@
|
||||||
cipherSuites = ["foobar", "foobar"]
|
cipherSuites = ["foobar", "foobar"]
|
||||||
curvePreferences = ["foobar", "foobar"]
|
curvePreferences = ["foobar", "foobar"]
|
||||||
sniStrict = true
|
sniStrict = true
|
||||||
preferServerCipherSuites = true
|
|
||||||
alpnProtocols = ["foobar", "foobar"]
|
alpnProtocols = ["foobar", "foobar"]
|
||||||
[tls.options.Options0.clientAuth]
|
[tls.options.Options0.clientAuth]
|
||||||
caFiles = ["foobar", "foobar"]
|
caFiles = ["foobar", "foobar"]
|
||||||
|
@ -469,7 +461,6 @@
|
||||||
cipherSuites = ["foobar", "foobar"]
|
cipherSuites = ["foobar", "foobar"]
|
||||||
curvePreferences = ["foobar", "foobar"]
|
curvePreferences = ["foobar", "foobar"]
|
||||||
sniStrict = true
|
sniStrict = true
|
||||||
preferServerCipherSuites = true
|
|
||||||
alpnProtocols = ["foobar", "foobar"]
|
alpnProtocols = ["foobar", "foobar"]
|
||||||
[tls.options.Options1.clientAuth]
|
[tls.options.Options1.clientAuth]
|
||||||
caFiles = ["foobar", "foobar"]
|
caFiles = ["foobar", "foobar"]
|
||||||
|
|
|
@ -164,7 +164,6 @@ http:
|
||||||
address: foobar
|
address: foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -208,13 +207,9 @@ http:
|
||||||
hostsProxyHeaders:
|
hostsProxyHeaders:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
sslRedirect: true
|
|
||||||
sslTemporaryRedirect: true
|
|
||||||
sslHost: foobar
|
|
||||||
sslProxyHeaders:
|
sslProxyHeaders:
|
||||||
name0: foobar
|
name0: foobar
|
||||||
name1: foobar
|
name1: foobar
|
||||||
sslForceHost: true
|
|
||||||
stsSeconds: 42
|
stsSeconds: 42
|
||||||
stsIncludeSubdomains: true
|
stsIncludeSubdomains: true
|
||||||
stsPreload: true
|
stsPreload: true
|
||||||
|
@ -227,7 +222,6 @@ http:
|
||||||
contentSecurityPolicy: foobar
|
contentSecurityPolicy: foobar
|
||||||
publicKey: foobar
|
publicKey: foobar
|
||||||
referrerPolicy: foobar
|
referrerPolicy: foobar
|
||||||
featurePolicy: foobar
|
|
||||||
permissionsPolicy: foobar
|
permissionsPolicy: foobar
|
||||||
isDevelopment: true
|
isDevelopment: true
|
||||||
Middleware11:
|
Middleware11:
|
||||||
|
@ -319,7 +313,6 @@ http:
|
||||||
prefixes:
|
prefixes:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
forceSlash: true
|
|
||||||
Middleware22:
|
Middleware22:
|
||||||
stripPrefixRegex:
|
stripPrefixRegex:
|
||||||
regex:
|
regex:
|
||||||
|
@ -509,7 +502,6 @@ tls:
|
||||||
- foobar
|
- foobar
|
||||||
clientAuthType: foobar
|
clientAuthType: foobar
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
preferServerCipherSuites: true
|
|
||||||
alpnProtocols:
|
alpnProtocols:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
|
@ -528,7 +520,6 @@ tls:
|
||||||
- foobar
|
- foobar
|
||||||
clientAuthType: foobar
|
clientAuthType: foobar
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
preferServerCipherSuites: true
|
|
||||||
alpnProtocols:
|
alpnProtocols:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
|
|
|
@ -946,8 +946,6 @@ spec:
|
||||||
description: TLS defines the configuration used to secure the
|
description: TLS defines the configuration used to secure the
|
||||||
connection to the authentication server.
|
connection to the authentication server.
|
||||||
properties:
|
properties:
|
||||||
caOptional:
|
|
||||||
type: boolean
|
|
||||||
caSecret:
|
caSecret:
|
||||||
description: CASecret is the name of the referenced Kubernetes
|
description: CASecret is the name of the referenced Kubernetes
|
||||||
Secret containing the CA to validate the server certificate.
|
Secret containing the CA to validate the server certificate.
|
||||||
|
@ -1066,9 +1064,6 @@ spec:
|
||||||
description: CustomResponseHeaders defines the header names and
|
description: CustomResponseHeaders defines the header names and
|
||||||
values to apply to the response.
|
values to apply to the response.
|
||||||
type: object
|
type: object
|
||||||
featurePolicy:
|
|
||||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
|
||||||
type: string
|
|
||||||
forceSTSHeader:
|
forceSTSHeader:
|
||||||
description: ForceSTSHeader defines whether to add the STS header
|
description: ForceSTSHeader defines whether to add the STS header
|
||||||
even when the connection is HTTP.
|
even when the connection is HTTP.
|
||||||
|
@ -1104,12 +1099,6 @@ spec:
|
||||||
value. This allows sites to control whether browsers forward
|
value. This allows sites to control whether browsers forward
|
||||||
the Referer header to other sites.
|
the Referer header to other sites.
|
||||||
type: string
|
type: string
|
||||||
sslForceHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: boolean
|
|
||||||
sslHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: string
|
|
||||||
sslProxyHeaders:
|
sslProxyHeaders:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
|
@ -1118,14 +1107,6 @@ spec:
|
||||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||||
"https").'
|
"https").'
|
||||||
type: object
|
type: object
|
||||||
sslRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
sslTemporaryRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
stsIncludeSubdomains:
|
stsIncludeSubdomains:
|
||||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||||
directive is appended to the Strict-Transport-Security header.
|
directive is appended to the Strict-Transport-Security header.
|
||||||
|
@ -1467,11 +1448,6 @@ spec:
|
||||||
This middleware removes the specified prefixes from the URL path.
|
This middleware removes the specified prefixes from the URL path.
|
||||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||||
properties:
|
properties:
|
||||||
forceSlash:
|
|
||||||
description: 'ForceSlash ensures that the resulting stripped path
|
|
||||||
is not the empty string, by replacing it with / when necessary.
|
|
||||||
Default: true.'
|
|
||||||
type: boolean
|
|
||||||
prefixes:
|
prefixes:
|
||||||
description: Prefixes defines the prefixes to strip from the request
|
description: Prefixes defines the prefixes to strip from the request
|
||||||
URL.
|
URL.
|
||||||
|
@ -1807,12 +1783,6 @@ spec:
|
||||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||||
VersionTLS13. Default: VersionTLS10.'
|
VersionTLS13. Default: VersionTLS10.'
|
||||||
type: string
|
type: string
|
||||||
preferServerCipherSuites:
|
|
||||||
description: 'PreferServerCipherSuites defines whether the server
|
|
||||||
chooses a cipher suite among his own instead of among the client''s.
|
|
||||||
It is enabled automatically when minVersion or maxVersion is set.
|
|
||||||
Deprecated: https://github.com/golang/go/issues/45430'
|
|
||||||
type: boolean
|
|
||||||
sniStrict:
|
sniStrict:
|
||||||
description: SniStrict defines whether Traefik allows connections
|
description: SniStrict defines whether Traefik allows connections
|
||||||
from clients connections that do not specify a server_name extension.
|
from clients connections that do not specify a server_name extension.
|
||||||
|
|
|
@ -193,7 +193,6 @@ spec:
|
||||||
- foobar
|
- foobar
|
||||||
clientAuthType: RequireAndVerifyClientCert
|
clientAuthType: RequireAndVerifyClientCert
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
preferServerCipherSuites: true
|
|
||||||
alpnProtocols:
|
alpnProtocols:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
|
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
|
||||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
|
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
|
||||||
|
@ -66,7 +65,6 @@
|
||||||
| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
|
|
||||||
| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
|
| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
|
| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
|
||||||
|
@ -75,12 +73,8 @@
|
||||||
| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
|
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
|
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
|
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
|
|
||||||
| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
|
|
||||||
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
|
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
|
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
|
||||||
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
|
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
|
||||||
|
@ -135,7 +129,6 @@
|
||||||
| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
|
| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
|
| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
|
||||||
| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
|
| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
|
||||||
| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
|
|
||||||
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
|
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
|
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
|
||||||
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
|
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
|
||||||
|
@ -312,7 +305,6 @@
|
||||||
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
|
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
|
||||||
| `traefik/tls/options/Options0/maxVersion` | `foobar` |
|
| `traefik/tls/options/Options0/maxVersion` | `foobar` |
|
||||||
| `traefik/tls/options/Options0/minVersion` | `foobar` |
|
| `traefik/tls/options/Options0/minVersion` | `foobar` |
|
||||||
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
|
|
||||||
| `traefik/tls/options/Options0/sniStrict` | `true` |
|
| `traefik/tls/options/Options0/sniStrict` | `true` |
|
||||||
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
|
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
|
||||||
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
|
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
|
||||||
|
@ -325,7 +317,6 @@
|
||||||
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
|
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
|
||||||
| `traefik/tls/options/Options1/maxVersion` | `foobar` |
|
| `traefik/tls/options/Options1/maxVersion` | `foobar` |
|
||||||
| `traefik/tls/options/Options1/minVersion` | `foobar` |
|
| `traefik/tls/options/Options1/minVersion` | `foobar` |
|
||||||
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
|
|
||||||
| `traefik/tls/options/Options1/sniStrict` | `true` |
|
| `traefik/tls/options/Options1/sniStrict` | `true` |
|
||||||
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
|
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
|
||||||
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
|
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
|
||||||
|
|
|
@ -31,7 +31,6 @@
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
|
"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
|
"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
|
"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
|
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
|
"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
|
"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
|
||||||
"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
|
"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
|
||||||
|
@ -54,7 +53,6 @@
|
||||||
"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
|
"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
|
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
|
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
|
|
||||||
"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
|
"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
|
||||||
"traefik.http.middlewares.middleware10.headers.framedeny": "true",
|
"traefik.http.middlewares.middleware10.headers.framedeny": "true",
|
||||||
"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
|
"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
|
||||||
|
@ -62,12 +60,8 @@
|
||||||
"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
|
"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
|
"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
|
"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
|
|
||||||
"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
|
|
||||||
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
|
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
|
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
|
||||||
"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
|
|
||||||
"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
|
|
||||||
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
|
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
|
||||||
"traefik.http.middlewares.middleware10.headers.stspreload": "true",
|
"traefik.http.middlewares.middleware10.headers.stspreload": "true",
|
||||||
"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
|
"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
|
||||||
|
@ -118,7 +112,6 @@
|
||||||
"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
|
"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
|
||||||
"traefik.http.middlewares.middleware20.retry.attempts": "42",
|
"traefik.http.middlewares.middleware20.retry.attempts": "42",
|
||||||
"traefik.http.middlewares.middleware20.retry.initialinterval": "42",
|
"traefik.http.middlewares.middleware20.retry.initialinterval": "42",
|
||||||
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
|
|
||||||
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
|
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
|
||||||
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
|
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
|
||||||
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
|
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
|
||||||
|
|
|
@ -369,8 +369,6 @@ spec:
|
||||||
description: TLS defines the configuration used to secure the
|
description: TLS defines the configuration used to secure the
|
||||||
connection to the authentication server.
|
connection to the authentication server.
|
||||||
properties:
|
properties:
|
||||||
caOptional:
|
|
||||||
type: boolean
|
|
||||||
caSecret:
|
caSecret:
|
||||||
description: CASecret is the name of the referenced Kubernetes
|
description: CASecret is the name of the referenced Kubernetes
|
||||||
Secret containing the CA to validate the server certificate.
|
Secret containing the CA to validate the server certificate.
|
||||||
|
@ -489,9 +487,6 @@ spec:
|
||||||
description: CustomResponseHeaders defines the header names and
|
description: CustomResponseHeaders defines the header names and
|
||||||
values to apply to the response.
|
values to apply to the response.
|
||||||
type: object
|
type: object
|
||||||
featurePolicy:
|
|
||||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
|
||||||
type: string
|
|
||||||
forceSTSHeader:
|
forceSTSHeader:
|
||||||
description: ForceSTSHeader defines whether to add the STS header
|
description: ForceSTSHeader defines whether to add the STS header
|
||||||
even when the connection is HTTP.
|
even when the connection is HTTP.
|
||||||
|
@ -527,12 +522,6 @@ spec:
|
||||||
value. This allows sites to control whether browsers forward
|
value. This allows sites to control whether browsers forward
|
||||||
the Referer header to other sites.
|
the Referer header to other sites.
|
||||||
type: string
|
type: string
|
||||||
sslForceHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: boolean
|
|
||||||
sslHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: string
|
|
||||||
sslProxyHeaders:
|
sslProxyHeaders:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
|
@ -541,14 +530,6 @@ spec:
|
||||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||||
"https").'
|
"https").'
|
||||||
type: object
|
type: object
|
||||||
sslRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
sslTemporaryRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
stsIncludeSubdomains:
|
stsIncludeSubdomains:
|
||||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||||
directive is appended to the Strict-Transport-Security header.
|
directive is appended to the Strict-Transport-Security header.
|
||||||
|
@ -890,11 +871,6 @@ spec:
|
||||||
This middleware removes the specified prefixes from the URL path.
|
This middleware removes the specified prefixes from the URL path.
|
||||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||||
properties:
|
properties:
|
||||||
forceSlash:
|
|
||||||
description: 'ForceSlash ensures that the resulting stripped path
|
|
||||||
is not the empty string, by replacing it with / when necessary.
|
|
||||||
Default: true.'
|
|
||||||
type: boolean
|
|
||||||
prefixes:
|
prefixes:
|
||||||
description: Prefixes defines the prefixes to strip from the request
|
description: Prefixes defines the prefixes to strip from the request
|
||||||
URL.
|
URL.
|
||||||
|
|
|
@ -88,12 +88,6 @@ spec:
|
||||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||||
VersionTLS13. Default: VersionTLS10.'
|
VersionTLS13. Default: VersionTLS10.'
|
||||||
type: string
|
type: string
|
||||||
preferServerCipherSuites:
|
|
||||||
description: 'PreferServerCipherSuites defines whether the server
|
|
||||||
chooses a cipher suite among his own instead of among the client''s.
|
|
||||||
It is enabled automatically when minVersion or maxVersion is set.
|
|
||||||
Deprecated: https://github.com/golang/go/issues/45430'
|
|
||||||
type: boolean
|
|
||||||
sniStrict:
|
sniStrict:
|
||||||
description: SniStrict defines whether Traefik allows connections
|
description: SniStrict defines whether Traefik allows connections
|
||||||
from clients connections that do not specify a server_name extension.
|
from clients connections that do not specify a server_name extension.
|
||||||
|
|
|
@ -417,9 +417,6 @@ Enable Consul backend with default settings. (Default: ```false```)
|
||||||
`--providers.consul.endpoints`:
|
`--providers.consul.endpoints`:
|
||||||
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
||||||
|
|
||||||
`--providers.consul.namespace`:
|
|
||||||
Sets the namespace used to discover the configuration (Consul Enterprise only).
|
|
||||||
|
|
||||||
`--providers.consul.namespaces`:
|
`--providers.consul.namespaces`:
|
||||||
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
||||||
|
|
||||||
|
@ -429,9 +426,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`--providers.consul.tls.ca`:
|
`--providers.consul.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.consul.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.consul.tls.cert`:
|
`--providers.consul.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -483,9 +477,6 @@ The URI scheme for the Consul server
|
||||||
`--providers.consulcatalog.endpoint.tls.ca`:
|
`--providers.consulcatalog.endpoint.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.consulcatalog.endpoint.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.consulcatalog.endpoint.tls.cert`:
|
`--providers.consulcatalog.endpoint.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -501,9 +492,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
|
||||||
`--providers.consulcatalog.exposedbydefault`:
|
`--providers.consulcatalog.exposedbydefault`:
|
||||||
Expose containers by default. (Default: ```true```)
|
Expose containers by default. (Default: ```true```)
|
||||||
|
|
||||||
`--providers.consulcatalog.namespace`:
|
|
||||||
Sets the namespace used to discover services (Consul Enterprise only).
|
|
||||||
|
|
||||||
`--providers.consulcatalog.namespaces`:
|
`--providers.consulcatalog.namespaces`:
|
||||||
Sets the namespaces used to discover services (Consul Enterprise only).
|
Sets the namespaces used to discover services (Consul Enterprise only).
|
||||||
|
|
||||||
|
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
|
||||||
`--providers.docker.tls.ca`:
|
`--providers.docker.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.docker.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.docker.tls.cert`:
|
`--providers.docker.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`--providers.etcd.tls.ca`:
|
`--providers.etcd.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.etcd.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.etcd.tls.cert`:
|
`--providers.etcd.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
|
||||||
`--providers.http.tls.ca`:
|
`--providers.http.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.http.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.http.tls.cert`:
|
`--providers.http.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -819,9 +798,6 @@ Set a response header timeout for Marathon. (Default: ```60```)
|
||||||
`--providers.marathon.tls.ca`:
|
`--providers.marathon.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.marathon.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.marathon.tls.cert`:
|
`--providers.marathon.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
|
||||||
`--providers.nomad.endpoint.tls.ca`:
|
`--providers.nomad.endpoint.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.nomad.endpoint.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.nomad.endpoint.tls.cert`:
|
`--providers.nomad.endpoint.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
|
||||||
`--providers.nomad.exposedbydefault`:
|
`--providers.nomad.exposedbydefault`:
|
||||||
Expose Nomad services by default. (Default: ```true```)
|
Expose Nomad services by default. (Default: ```true```)
|
||||||
|
|
||||||
`--providers.nomad.namespace`:
|
|
||||||
Sets the Nomad namespace used to discover services.
|
|
||||||
|
|
||||||
`--providers.nomad.namespaces`:
|
`--providers.nomad.namespaces`:
|
||||||
Sets the Nomad namespaces used to discover services.
|
Sets the Nomad namespaces used to discover services.
|
||||||
|
|
||||||
|
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`--providers.redis.tls.ca`:
|
`--providers.redis.tls.ca`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`--providers.redis.tls.caoptional`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`--providers.redis.tls.cert`:
|
`--providers.redis.tls.cert`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
|
||||||
`--tracing.datadog.debug`:
|
`--tracing.datadog.debug`:
|
||||||
Enables Datadog debug. (Default: ```false```)
|
Enables Datadog debug. (Default: ```false```)
|
||||||
|
|
||||||
`--tracing.datadog.globaltag`:
|
|
||||||
Sets a key:value tag on all spans.
|
|
||||||
|
|
||||||
`--tracing.datadog.globaltags.<name>`:
|
`--tracing.datadog.globaltags.<name>`:
|
||||||
Sets a list of key:value tags on all spans.
|
Sets a list of key:value tags on all spans.
|
||||||
|
|
||||||
|
|
|
@ -453,9 +453,6 @@ The URI scheme for the Consul server
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`:
|
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -471,9 +468,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`:
|
`TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`:
|
||||||
Expose containers by default. (Default: ```true```)
|
Expose containers by default. (Default: ```true```)
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACE`:
|
|
||||||
Sets the namespace used to discover services (Consul Enterprise only).
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`:
|
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`:
|
||||||
Sets the namespaces used to discover services (Consul Enterprise only).
|
Sets the namespaces used to discover services (Consul Enterprise only).
|
||||||
|
|
||||||
|
@ -498,9 +492,6 @@ Watch Consul API events. (Default: ```false```)
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
|
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
|
||||||
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACE`:
|
|
||||||
Sets the namespace used to discover the configuration (Consul Enterprise only).
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`:
|
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`:
|
||||||
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
||||||
|
|
||||||
|
@ -510,9 +501,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:
|
`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
|
||||||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
|
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`TRAEFIK_PROVIDERS_ETCD_TLS_CA`:
|
`TRAEFIK_PROVIDERS_ETCD_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
|
||||||
`TRAEFIK_PROVIDERS_HTTP_TLS_CA`:
|
`TRAEFIK_PROVIDERS_HTTP_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -822,9 +801,6 @@ Set a TLS handshake timeout for Marathon. (Default: ```5```)
|
||||||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
|
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`:
|
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`:
|
`TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`:
|
||||||
Expose Nomad services by default. (Default: ```true```)
|
Expose Nomad services by default. (Default: ```true```)
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACE`:
|
|
||||||
Sets the Nomad namespace used to discover services.
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`:
|
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`:
|
||||||
Sets the Nomad namespaces used to discover services.
|
Sets the Nomad namespaces used to discover services.
|
||||||
|
|
||||||
|
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
|
||||||
`TRAEFIK_PROVIDERS_REDIS_TLS_CA`:
|
`TRAEFIK_PROVIDERS_REDIS_TLS_CA`:
|
||||||
TLS CA
|
TLS CA
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`:
|
|
||||||
TLS CA.Optional (Default: ```false```)
|
|
||||||
|
|
||||||
`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:
|
`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:
|
||||||
TLS cert
|
TLS cert
|
||||||
|
|
||||||
|
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
|
||||||
`TRAEFIK_TRACING_DATADOG_DEBUG`:
|
`TRAEFIK_TRACING_DATADOG_DEBUG`:
|
||||||
Enables Datadog debug. (Default: ```false```)
|
Enables Datadog debug. (Default: ```false```)
|
||||||
|
|
||||||
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
|
|
||||||
Sets a key:value tag on all spans.
|
|
||||||
|
|
||||||
`TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`:
|
`TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`:
|
||||||
Sets a list of key:value tags on all spans.
|
Sets a list of key:value tags on all spans.
|
||||||
|
|
||||||
|
|
|
@ -71,7 +71,6 @@
|
||||||
allowEmptyServices = true
|
allowEmptyServices = true
|
||||||
[providers.docker.tls]
|
[providers.docker.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -96,7 +95,6 @@
|
||||||
respectReadinessChecks = true
|
respectReadinessChecks = true
|
||||||
[providers.marathon.tls]
|
[providers.marathon.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -159,7 +157,6 @@
|
||||||
connectByDefault = true
|
connectByDefault = true
|
||||||
serviceName = "foobar"
|
serviceName = "foobar"
|
||||||
watch = true
|
watch = true
|
||||||
namespace = "foobar"
|
|
||||||
namespaces = ["foobar", "foobar"]
|
namespaces = ["foobar", "foobar"]
|
||||||
[providers.consulCatalog.endpoint]
|
[providers.consulCatalog.endpoint]
|
||||||
address = "foobar"
|
address = "foobar"
|
||||||
|
@ -169,7 +166,6 @@
|
||||||
endpointWaitTime = "42s"
|
endpointWaitTime = "42s"
|
||||||
[providers.consulCatalog.endpoint.tls]
|
[providers.consulCatalog.endpoint.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -181,7 +177,6 @@
|
||||||
constraints = "foobar"
|
constraints = "foobar"
|
||||||
prefix = "foobar"
|
prefix = "foobar"
|
||||||
stale = true
|
stale = true
|
||||||
namespace = "foobar"
|
|
||||||
namespaces = ["foobar", "foobar"]
|
namespaces = ["foobar", "foobar"]
|
||||||
exposedByDefault = true
|
exposedByDefault = true
|
||||||
refreshInterval = "42s"
|
refreshInterval = "42s"
|
||||||
|
@ -192,7 +187,6 @@
|
||||||
endpointWaitTime = "42s"
|
endpointWaitTime = "42s"
|
||||||
[providers.nomad.endpoint.tls]
|
[providers.nomad.endpoint.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -212,11 +206,9 @@
|
||||||
rootKey = "foobar"
|
rootKey = "foobar"
|
||||||
endpoints = ["foobar", "foobar"]
|
endpoints = ["foobar", "foobar"]
|
||||||
token = "foobar"
|
token = "foobar"
|
||||||
namespace = "foobar"
|
|
||||||
namespaces = ["foobar", "foobar"]
|
namespaces = ["foobar", "foobar"]
|
||||||
[providers.consul.tls]
|
[providers.consul.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -227,7 +219,6 @@
|
||||||
password = "foobar"
|
password = "foobar"
|
||||||
[providers.etcd.tls]
|
[providers.etcd.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -244,7 +235,6 @@
|
||||||
db = 42
|
db = 42
|
||||||
[providers.redis.tls]
|
[providers.redis.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -257,7 +247,6 @@
|
||||||
name1 = "foobar"
|
name1 = "foobar"
|
||||||
[providers.http.tls]
|
[providers.http.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -376,7 +365,6 @@
|
||||||
sampleRate = 42.0
|
sampleRate = 42.0
|
||||||
[tracing.datadog]
|
[tracing.datadog]
|
||||||
localAgentHostPort = "foobar"
|
localAgentHostPort = "foobar"
|
||||||
globalTag = "foobar"
|
|
||||||
[tracing.datadog.globalTags]
|
[tracing.datadog.globalTags]
|
||||||
tag1 = "foobar"
|
tag1 = "foobar"
|
||||||
tag2 = "foobar"
|
tag2 = "foobar"
|
||||||
|
|
|
@ -70,7 +70,6 @@ providers:
|
||||||
defaultRule: foobar
|
defaultRule: foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -96,7 +95,6 @@ providers:
|
||||||
dcosToken: foobar
|
dcosToken: foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -171,7 +169,6 @@ providers:
|
||||||
connectByDefault: true
|
connectByDefault: true
|
||||||
serviceName: foobar
|
serviceName: foobar
|
||||||
watch: true
|
watch: true
|
||||||
namespace: foobar
|
|
||||||
namespaces:
|
namespaces:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
|
@ -183,7 +180,6 @@ providers:
|
||||||
endpointWaitTime: 42s
|
endpointWaitTime: 42s
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -195,7 +191,6 @@ providers:
|
||||||
constraints: foobar
|
constraints: foobar
|
||||||
prefix: foobar
|
prefix: foobar
|
||||||
stale: true
|
stale: true
|
||||||
namespace: foobar
|
|
||||||
namespaces:
|
namespaces:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
|
@ -208,7 +203,6 @@ providers:
|
||||||
endpointWaitTime: 42s
|
endpointWaitTime: 42s
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -232,13 +226,11 @@ providers:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
token: foobar
|
token: foobar
|
||||||
namespace: foobar
|
|
||||||
namespaces:
|
namespaces:
|
||||||
- foobar
|
- foobar
|
||||||
- foobar
|
- foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -251,7 +243,6 @@ providers:
|
||||||
password: foobar
|
password: foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -272,7 +263,6 @@ providers:
|
||||||
db: 42
|
db: 42
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -285,7 +275,6 @@ providers:
|
||||||
name1: foobar
|
name1: foobar
|
||||||
tls:
|
tls:
|
||||||
ca: foobar
|
ca: foobar
|
||||||
caOptional: true
|
|
||||||
cert: foobar
|
cert: foobar
|
||||||
key: foobar
|
key: foobar
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
@ -402,7 +391,6 @@ tracing:
|
||||||
sampleRate: 42
|
sampleRate: 42
|
||||||
datadog:
|
datadog:
|
||||||
localAgentHostPort: foobar
|
localAgentHostPort: foobar
|
||||||
globalTag: foobar
|
|
||||||
globalTags:
|
globalTags:
|
||||||
tag1: foobar
|
tag1: foobar
|
||||||
tag2: foobar
|
tag2: foobar
|
||||||
|
|
|
@ -102,7 +102,6 @@ func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
|
||||||
"traefik/http/middlewares/compressor/compress": "",
|
"traefik/http/middlewares/compressor/compress": "",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range data {
|
for k, v := range data {
|
||||||
|
|
|
@ -97,7 +97,6 @@ func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
|
||||||
"traefik/http/middlewares/compressor/compress": "",
|
"traefik/http/middlewares/compressor/compress": "",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range data {
|
for k, v := range data {
|
||||||
|
|
|
@ -946,8 +946,6 @@ spec:
|
||||||
description: TLS defines the configuration used to secure the
|
description: TLS defines the configuration used to secure the
|
||||||
connection to the authentication server.
|
connection to the authentication server.
|
||||||
properties:
|
properties:
|
||||||
caOptional:
|
|
||||||
type: boolean
|
|
||||||
caSecret:
|
caSecret:
|
||||||
description: CASecret is the name of the referenced Kubernetes
|
description: CASecret is the name of the referenced Kubernetes
|
||||||
Secret containing the CA to validate the server certificate.
|
Secret containing the CA to validate the server certificate.
|
||||||
|
@ -1066,9 +1064,6 @@ spec:
|
||||||
description: CustomResponseHeaders defines the header names and
|
description: CustomResponseHeaders defines the header names and
|
||||||
values to apply to the response.
|
values to apply to the response.
|
||||||
type: object
|
type: object
|
||||||
featurePolicy:
|
|
||||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
|
||||||
type: string
|
|
||||||
forceSTSHeader:
|
forceSTSHeader:
|
||||||
description: ForceSTSHeader defines whether to add the STS header
|
description: ForceSTSHeader defines whether to add the STS header
|
||||||
even when the connection is HTTP.
|
even when the connection is HTTP.
|
||||||
|
@ -1104,12 +1099,6 @@ spec:
|
||||||
value. This allows sites to control whether browsers forward
|
value. This allows sites to control whether browsers forward
|
||||||
the Referer header to other sites.
|
the Referer header to other sites.
|
||||||
type: string
|
type: string
|
||||||
sslForceHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: boolean
|
|
||||||
sslHost:
|
|
||||||
description: 'Deprecated: use RedirectRegex instead.'
|
|
||||||
type: string
|
|
||||||
sslProxyHeaders:
|
sslProxyHeaders:
|
||||||
additionalProperties:
|
additionalProperties:
|
||||||
type: string
|
type: string
|
||||||
|
@ -1118,14 +1107,6 @@ spec:
|
||||||
useful when using other proxies (example: "X-Forwarded-Proto":
|
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||||
"https").'
|
"https").'
|
||||||
type: object
|
type: object
|
||||||
sslRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
sslTemporaryRedirect:
|
|
||||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
|
||||||
instead.'
|
|
||||||
type: boolean
|
|
||||||
stsIncludeSubdomains:
|
stsIncludeSubdomains:
|
||||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||||
directive is appended to the Strict-Transport-Security header.
|
directive is appended to the Strict-Transport-Security header.
|
||||||
|
@ -1467,11 +1448,6 @@ spec:
|
||||||
This middleware removes the specified prefixes from the URL path.
|
This middleware removes the specified prefixes from the URL path.
|
||||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||||
properties:
|
properties:
|
||||||
forceSlash:
|
|
||||||
description: 'ForceSlash ensures that the resulting stripped path
|
|
||||||
is not the empty string, by replacing it with / when necessary.
|
|
||||||
Default: true.'
|
|
||||||
type: boolean
|
|
||||||
prefixes:
|
prefixes:
|
||||||
description: Prefixes defines the prefixes to strip from the request
|
description: Prefixes defines the prefixes to strip from the request
|
||||||
URL.
|
URL.
|
||||||
|
@ -1807,12 +1783,6 @@ spec:
|
||||||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||||
VersionTLS13. Default: VersionTLS10.'
|
VersionTLS13. Default: VersionTLS10.'
|
||||||
type: string
|
type: string
|
||||||
preferServerCipherSuites:
|
|
||||||
description: 'PreferServerCipherSuites defines whether the server
|
|
||||||
chooses a cipher suite among his own instead of among the client''s.
|
|
||||||
It is enabled automatically when minVersion or maxVersion is set.
|
|
||||||
Deprecated: https://github.com/golang/go/issues/45430'
|
|
||||||
type: boolean
|
|
||||||
sniStrict:
|
sniStrict:
|
||||||
description: SniStrict defines whether Traefik allows connections
|
description: SniStrict defines whether Traefik allows connections
|
||||||
from clients connections that do not specify a server_name extension.
|
from clients connections that do not specify a server_name extension.
|
||||||
|
|
|
@ -98,7 +98,6 @@ func (s *RedisSuite) TestSimpleConfiguration(c *check.C) {
|
||||||
"traefik/http/middlewares/compressor/compress": "true",
|
"traefik/http/middlewares/compressor/compress": "true",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range data {
|
for k, v := range data {
|
||||||
|
|
3
integration/testdata/rawdata-consul.json
vendored
3
integration/testdata/rawdata-consul.json
vendored
|
@ -112,8 +112,7 @@
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo",
|
"foo",
|
||||||
"bar"
|
"bar"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"status": "enabled",
|
"status": "enabled",
|
||||||
"usedBy": [
|
"usedBy": [
|
||||||
|
|
3
integration/testdata/rawdata-etcd.json
vendored
3
integration/testdata/rawdata-etcd.json
vendored
|
@ -112,8 +112,7 @@
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo",
|
"foo",
|
||||||
"bar"
|
"bar"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"status": "enabled",
|
"status": "enabled",
|
||||||
"usedBy": [
|
"usedBy": [
|
||||||
|
|
3
integration/testdata/rawdata-redis.json
vendored
3
integration/testdata/rawdata-redis.json
vendored
|
@ -112,8 +112,7 @@
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo",
|
"foo",
|
||||||
"bar"
|
"bar"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"status": "enabled",
|
"status": "enabled",
|
||||||
"usedBy": [
|
"usedBy": [
|
||||||
|
|
3
integration/testdata/rawdata-zk.json
vendored
3
integration/testdata/rawdata-zk.json
vendored
|
@ -112,8 +112,7 @@
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo",
|
"foo",
|
||||||
"bar"
|
"bar"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"status": "enabled",
|
"status": "enabled",
|
||||||
"usedBy": [
|
"usedBy": [
|
||||||
|
|
|
@ -100,7 +100,6 @@ func (s *ZookeeperSuite) TestSimpleConfiguration(c *check.C) {
|
||||||
"traefik/http/middlewares/compressor/compress": "",
|
"traefik/http/middlewares/compressor/compress": "",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range data {
|
for k, v := range data {
|
||||||
|
|
|
@ -46,7 +46,6 @@
|
||||||
httpClientTimeout = 42
|
httpClientTimeout = 42
|
||||||
[providers.docker.tls]
|
[providers.docker.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -71,7 +70,6 @@
|
||||||
respectReadinessChecks = true
|
respectReadinessChecks = true
|
||||||
[providers.marathon.tls]
|
[providers.marathon.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -182,7 +180,6 @@
|
||||||
sampleRate = 42.0
|
sampleRate = 42.0
|
||||||
[tracing.datadog]
|
[tracing.datadog]
|
||||||
localAgentHostPort = "foobar"
|
localAgentHostPort = "foobar"
|
||||||
globalTag = "foobar"
|
|
||||||
debug = true
|
debug = true
|
||||||
prioritySampling = true
|
prioritySampling = true
|
||||||
traceIDHeaderName = "foobar"
|
traceIDHeaderName = "foobar"
|
||||||
|
@ -292,7 +289,6 @@
|
||||||
authRequestHeaders = ["foobar", "foobar"]
|
authRequestHeaders = ["foobar", "foobar"]
|
||||||
[http.middlewares.Middleware15.forwardAuth.tls]
|
[http.middlewares.Middleware15.forwardAuth.tls]
|
||||||
ca = "foobar"
|
ca = "foobar"
|
||||||
caOptional = true
|
|
||||||
cert = "foobar"
|
cert = "foobar"
|
||||||
key = "foobar"
|
key = "foobar"
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
@ -376,10 +372,6 @@
|
||||||
addVaryHeader = true
|
addVaryHeader = true
|
||||||
allowedHosts = ["foobar", "foobar"]
|
allowedHosts = ["foobar", "foobar"]
|
||||||
hostsProxyHeaders = ["foobar", "foobar"]
|
hostsProxyHeaders = ["foobar", "foobar"]
|
||||||
sslRedirect = true
|
|
||||||
sslTemporaryRedirect = true
|
|
||||||
sslHost = "foobar"
|
|
||||||
sslForceHost = true
|
|
||||||
stsSeconds = 42
|
stsSeconds = 42
|
||||||
stsIncludeSubdomains = true
|
stsIncludeSubdomains = true
|
||||||
stsPreload = true
|
stsPreload = true
|
||||||
|
@ -392,7 +384,6 @@
|
||||||
contentSecurityPolicy = "foobar"
|
contentSecurityPolicy = "foobar"
|
||||||
publicKey = "foobar"
|
publicKey = "foobar"
|
||||||
referrerPolicy = "foobar"
|
referrerPolicy = "foobar"
|
||||||
featurePolicy = "foobar"
|
|
||||||
isDevelopment = true
|
isDevelopment = true
|
||||||
[http.middlewares.Middleware8.headers.customRequestHeaders]
|
[http.middlewares.Middleware8.headers.customRequestHeaders]
|
||||||
name0 = "foobar"
|
name0 = "foobar"
|
||||||
|
|
|
@ -260,17 +260,9 @@ type Headers struct {
|
||||||
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
|
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
|
||||||
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
|
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
|
||||||
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
|
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
|
||||||
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
|
||||||
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
|
|
||||||
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
|
||||||
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
|
|
||||||
// Deprecated: use RedirectRegex instead.
|
|
||||||
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
|
|
||||||
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
|
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
|
||||||
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
|
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
|
||||||
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
|
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
|
||||||
// Deprecated: use RedirectRegex instead.
|
|
||||||
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
|
|
||||||
// STSSeconds defines the max-age of the Strict-Transport-Security header.
|
// STSSeconds defines the max-age of the Strict-Transport-Security header.
|
||||||
// If set to 0, the header is not set.
|
// If set to 0, the header is not set.
|
||||||
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
|
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
|
||||||
|
@ -299,8 +291,6 @@ type Headers struct {
|
||||||
// ReferrerPolicy defines the Referrer-Policy header value.
|
// ReferrerPolicy defines the Referrer-Policy header value.
|
||||||
// This allows sites to control whether browsers forward the Referer header to other sites.
|
// This allows sites to control whether browsers forward the Referer header to other sites.
|
||||||
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
|
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
|
||||||
// Deprecated: use PermissionsPolicy instead.
|
|
||||||
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
|
|
||||||
// PermissionsPolicy defines the Permissions-Policy header value.
|
// PermissionsPolicy defines the Permissions-Policy header value.
|
||||||
// This allows sites to control browser features.
|
// This allows sites to control browser features.
|
||||||
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
|
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
|
||||||
|
@ -333,10 +323,6 @@ func (h *Headers) HasCorsHeadersDefined() bool {
|
||||||
func (h *Headers) HasSecureHeadersDefined() bool {
|
func (h *Headers) HasSecureHeadersDefined() bool {
|
||||||
return h != nil && (len(h.AllowedHosts) != 0 ||
|
return h != nil && (len(h.AllowedHosts) != 0 ||
|
||||||
len(h.HostsProxyHeaders) != 0 ||
|
len(h.HostsProxyHeaders) != 0 ||
|
||||||
h.SSLRedirect ||
|
|
||||||
h.SSLTemporaryRedirect ||
|
|
||||||
h.SSLForceHost ||
|
|
||||||
h.SSLHost != "" ||
|
|
||||||
len(h.SSLProxyHeaders) != 0 ||
|
len(h.SSLProxyHeaders) != 0 ||
|
||||||
h.STSSeconds != 0 ||
|
h.STSSeconds != 0 ||
|
||||||
h.STSIncludeSubdomains ||
|
h.STSIncludeSubdomains ||
|
||||||
|
@ -350,7 +336,6 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
||||||
h.ContentSecurityPolicy != "" ||
|
h.ContentSecurityPolicy != "" ||
|
||||||
h.PublicKey != "" ||
|
h.PublicKey != "" ||
|
||||||
h.ReferrerPolicy != "" ||
|
h.ReferrerPolicy != "" ||
|
||||||
h.FeaturePolicy != "" ||
|
|
||||||
h.PermissionsPolicy != "" ||
|
h.PermissionsPolicy != "" ||
|
||||||
h.IsDevelopment)
|
h.IsDevelopment)
|
||||||
}
|
}
|
||||||
|
@ -553,14 +538,6 @@ type Retry struct {
|
||||||
type StripPrefix struct {
|
type StripPrefix struct {
|
||||||
// Prefixes defines the prefixes to strip from the request URL.
|
// Prefixes defines the prefixes to strip from the request URL.
|
||||||
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
||||||
// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
|
|
||||||
// Default: true.
|
|
||||||
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
|
|
||||||
}
|
|
||||||
|
|
||||||
// SetDefaults Default values for a StripPrefix.
|
|
||||||
func (s *StripPrefix) SetDefaults() {
|
|
||||||
s.ForceSlash = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// +k8s:deepcopy-gen=true
|
// +k8s:deepcopy-gen=true
|
||||||
|
|
|
@ -42,7 +42,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar",
|
"traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar",
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar",
|
"traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar",
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar",
|
"traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar",
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional": "true",
|
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar",
|
"traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar",
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true",
|
"traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true",
|
||||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar",
|
"traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar",
|
||||||
|
@ -71,14 +70,9 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
"traefik.http.middlewares.Middleware8.headers.isdevelopment": "true",
|
"traefik.http.middlewares.Middleware8.headers.isdevelopment": "true",
|
||||||
"traefik.http.middlewares.Middleware8.headers.publickey": "foobar",
|
"traefik.http.middlewares.Middleware8.headers.publickey": "foobar",
|
||||||
"traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar",
|
"traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar",
|
||||||
"traefik.http.middlewares.Middleware8.headers.featurepolicy": "foobar",
|
|
||||||
"traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar",
|
"traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar",
|
||||||
"traefik.http.middlewares.Middleware8.headers.sslforcehost": "true",
|
|
||||||
"traefik.http.middlewares.Middleware8.headers.sslhost": "foobar",
|
|
||||||
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar",
|
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar",
|
||||||
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar",
|
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar",
|
||||||
"traefik.http.middlewares.Middleware8.headers.sslredirect": "true",
|
|
||||||
"traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect": "true",
|
|
||||||
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
|
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
|
||||||
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
|
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
|
||||||
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
|
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
|
||||||
|
@ -462,7 +456,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"fiibar",
|
"fiibar",
|
||||||
},
|
},
|
||||||
ForceSlash: true,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Middleware18": {
|
"Middleware18": {
|
||||||
|
@ -530,7 +523,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
Address: "foobar",
|
Address: "foobar",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "foobar",
|
CA: "foobar",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "foobar",
|
Cert: "foobar",
|
||||||
Key: "foobar",
|
Key: "foobar",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -587,14 +579,10 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"fiibar",
|
"fiibar",
|
||||||
},
|
},
|
||||||
SSLRedirect: true,
|
|
||||||
SSLTemporaryRedirect: true,
|
|
||||||
SSLHost: "foobar",
|
|
||||||
SSLProxyHeaders: map[string]string{
|
SSLProxyHeaders: map[string]string{
|
||||||
"name0": "foobar",
|
"name0": "foobar",
|
||||||
"name1": "foobar",
|
"name1": "foobar",
|
||||||
},
|
},
|
||||||
SSLForceHost: true,
|
|
||||||
STSSeconds: 42,
|
STSSeconds: 42,
|
||||||
STSIncludeSubdomains: true,
|
STSIncludeSubdomains: true,
|
||||||
STSPreload: true,
|
STSPreload: true,
|
||||||
|
@ -607,7 +595,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
||||||
ContentSecurityPolicy: "foobar",
|
ContentSecurityPolicy: "foobar",
|
||||||
PublicKey: "foobar",
|
PublicKey: "foobar",
|
||||||
ReferrerPolicy: "foobar",
|
ReferrerPolicy: "foobar",
|
||||||
FeaturePolicy: "foobar",
|
|
||||||
PermissionsPolicy: "foobar",
|
PermissionsPolicy: "foobar",
|
||||||
IsDevelopment: true,
|
IsDevelopment: true,
|
||||||
},
|
},
|
||||||
|
@ -958,7 +945,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"fiibar",
|
"fiibar",
|
||||||
},
|
},
|
||||||
ForceSlash: true,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Middleware18": {
|
"Middleware18": {
|
||||||
|
@ -1034,7 +1020,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
Address: "foobar",
|
Address: "foobar",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "foobar",
|
CA: "foobar",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "foobar",
|
Cert: "foobar",
|
||||||
Key: "foobar",
|
Key: "foobar",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -1091,14 +1076,10 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"fiibar",
|
"fiibar",
|
||||||
},
|
},
|
||||||
SSLRedirect: true,
|
|
||||||
SSLTemporaryRedirect: true,
|
|
||||||
SSLHost: "foobar",
|
|
||||||
SSLProxyHeaders: map[string]string{
|
SSLProxyHeaders: map[string]string{
|
||||||
"name0": "foobar",
|
"name0": "foobar",
|
||||||
"name1": "foobar",
|
"name1": "foobar",
|
||||||
},
|
},
|
||||||
SSLForceHost: true,
|
|
||||||
STSSeconds: 42,
|
STSSeconds: 42,
|
||||||
STSIncludeSubdomains: true,
|
STSIncludeSubdomains: true,
|
||||||
STSPreload: true,
|
STSPreload: true,
|
||||||
|
@ -1111,7 +1092,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
ContentSecurityPolicy: "foobar",
|
ContentSecurityPolicy: "foobar",
|
||||||
PublicKey: "foobar",
|
PublicKey: "foobar",
|
||||||
ReferrerPolicy: "foobar",
|
ReferrerPolicy: "foobar",
|
||||||
FeaturePolicy: "foobar",
|
|
||||||
PermissionsPolicy: "foobar",
|
PermissionsPolicy: "foobar",
|
||||||
IsDevelopment: true,
|
IsDevelopment: true,
|
||||||
},
|
},
|
||||||
|
@ -1231,7 +1211,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar",
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar",
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional": "true",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true",
|
||||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar",
|
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar",
|
||||||
|
@ -1260,14 +1239,9 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.FeaturePolicy": "foobar",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost": "true",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost": "foobar",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect": "true",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect": "true",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
|
||||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
|
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
|
||||||
|
@ -1318,7 +1292,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
||||||
"traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42",
|
"traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42",
|
||||||
"traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000",
|
"traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000",
|
||||||
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
|
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
|
||||||
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true",
|
|
||||||
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
|
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
|
||||||
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
|
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
|
||||||
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",
|
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
package static
|
|
||||||
|
|
||||||
// Pilot Configuration related to Traefik Pilot.
|
|
||||||
// Deprecated.
|
|
||||||
type Pilot struct {
|
|
||||||
Token string `description:"Traefik Pilot token. (Deprecated)" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
|
||||||
Dashboard bool `description:"Enable Traefik Pilot in the dashboard. (Deprecated)" json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty"`
|
|
||||||
}
|
|
|
@ -78,9 +78,6 @@ type Configuration struct {
|
||||||
|
|
||||||
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
|
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
|
||||||
|
|
||||||
// Deprecated.
|
|
||||||
Pilot *Pilot `description:"Traefik Pilot configuration (Deprecated)." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"`
|
|
||||||
|
|
||||||
Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||||
|
|
||||||
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
|
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
|
||||||
|
@ -264,11 +261,6 @@ func (c *Configuration) SetEffectiveConfiguration() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enable anonymous usage when pilot is enabled.
|
|
||||||
if c.Pilot != nil {
|
|
||||||
c.Global.SendAnonymousUsage = true
|
|
||||||
}
|
|
||||||
|
|
||||||
// Disable Gateway API provider if not enabled in experimental.
|
// Disable Gateway API provider if not enabled in experimental.
|
||||||
if c.Experimental == nil || !c.Experimental.KubernetesGateway {
|
if c.Experimental == nil || !c.Experimental.KubernetesGateway {
|
||||||
c.Providers.KubernetesGateway = nil
|
c.Providers.KubernetesGateway = nil
|
||||||
|
@ -346,18 +338,6 @@ func (c *Configuration) ValidateConfiguration() error {
|
||||||
acmeEmail = resolver.ACME.Email
|
acmeEmail = resolver.ACME.Email
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 {
|
|
||||||
return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured")
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 {
|
|
||||||
return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured")
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 {
|
|
||||||
return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured")
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,16 +1,13 @@
|
||||||
package headers
|
package headers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/rs/zerolog/log"
|
|
||||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||||
"github.com/traefik/traefik/v2/pkg/logs"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Header is a middleware that helps setup a few basic security features.
|
// Header is a middleware that helps setup a few basic security features.
|
||||||
|
@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
|
||||||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||||
|
|
||||||
ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background())
|
|
||||||
|
|
||||||
handleDeprecation(ctx, &cfg)
|
|
||||||
|
|
||||||
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
|
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
|
||||||
for i, str := range cfg.AccessControlAllowOriginListRegex {
|
for i, str := range cfg.AccessControlAllowOriginListRegex {
|
||||||
reg, err := regexp.Compile(str)
|
reg, err := regexp.Compile(str)
|
||||||
|
|
|
@ -7,7 +7,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"github.com/opentracing/opentracing-go/ext"
|
"github.com/opentracing/opentracing-go/ext"
|
||||||
"github.com/rs/zerolog/log"
|
|
||||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||||
"github.com/traefik/traefik/v2/pkg/middlewares"
|
"github.com/traefik/traefik/v2/pkg/middlewares"
|
||||||
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
|
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
|
||||||
|
@ -18,26 +17,6 @@ const (
|
||||||
typeName = "Headers"
|
typeName = "Headers"
|
||||||
)
|
)
|
||||||
|
|
||||||
func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) {
|
|
||||||
logger := log.Ctx(ctx).Warn()
|
|
||||||
|
|
||||||
if cfg.SSLRedirect {
|
|
||||||
logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.")
|
|
||||||
}
|
|
||||||
if cfg.SSLTemporaryRedirect {
|
|
||||||
logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.")
|
|
||||||
}
|
|
||||||
if cfg.SSLHost != "" {
|
|
||||||
logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.")
|
|
||||||
}
|
|
||||||
if cfg.SSLForceHost {
|
|
||||||
logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.")
|
|
||||||
}
|
|
||||||
if cfg.FeaturePolicy != "" {
|
|
||||||
logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
type headers struct {
|
type headers struct {
|
||||||
name string
|
name string
|
||||||
handler http.Handler
|
handler http.Handler
|
||||||
|
@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin
|
||||||
logger := middlewares.GetLogger(ctx, name, typeName)
|
logger := middlewares.GetLogger(ctx, name, typeName)
|
||||||
logger.Debug().Msg("Creating middleware")
|
logger.Debug().Msg("Creating middleware")
|
||||||
|
|
||||||
mCtx := logger.WithContext(ctx)
|
|
||||||
|
|
||||||
handleDeprecation(mCtx, &cfg)
|
|
||||||
|
|
||||||
hasSecureHeaders := cfg.HasSecureHeadersDefined()
|
hasSecureHeaders := cfg.HasSecureHeadersDefined()
|
||||||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||||
|
|
|
@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
||||||
ForceSTSHeader: cfg.ForceSTSHeader,
|
ForceSTSHeader: cfg.ForceSTSHeader,
|
||||||
FrameDeny: cfg.FrameDeny,
|
FrameDeny: cfg.FrameDeny,
|
||||||
IsDevelopment: cfg.IsDevelopment,
|
IsDevelopment: cfg.IsDevelopment,
|
||||||
SSLRedirect: cfg.SSLRedirect,
|
|
||||||
SSLForceHost: cfg.SSLForceHost,
|
|
||||||
SSLTemporaryRedirect: cfg.SSLTemporaryRedirect,
|
|
||||||
STSIncludeSubdomains: cfg.STSIncludeSubdomains,
|
STSIncludeSubdomains: cfg.STSIncludeSubdomains,
|
||||||
STSPreload: cfg.STSPreload,
|
STSPreload: cfg.STSPreload,
|
||||||
ContentSecurityPolicy: cfg.ContentSecurityPolicy,
|
ContentSecurityPolicy: cfg.ContentSecurityPolicy,
|
||||||
|
@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
||||||
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
|
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
|
||||||
PublicKey: cfg.PublicKey,
|
PublicKey: cfg.PublicKey,
|
||||||
ReferrerPolicy: cfg.ReferrerPolicy,
|
ReferrerPolicy: cfg.ReferrerPolicy,
|
||||||
SSLHost: cfg.SSLHost,
|
|
||||||
AllowedHosts: cfg.AllowedHosts,
|
AllowedHosts: cfg.AllowedHosts,
|
||||||
HostsProxyHeaders: cfg.HostsProxyHeaders,
|
HostsProxyHeaders: cfg.HostsProxyHeaders,
|
||||||
SSLProxyHeaders: cfg.SSLProxyHeaders,
|
SSLProxyHeaders: cfg.SSLProxyHeaders,
|
||||||
STSSeconds: cfg.STSSeconds,
|
STSSeconds: cfg.STSSeconds,
|
||||||
FeaturePolicy: cfg.FeaturePolicy,
|
|
||||||
PermissionsPolicy: cfg.PermissionsPolicy,
|
PermissionsPolicy: cfg.PermissionsPolicy,
|
||||||
SecureContextKey: contextKey,
|
SecureContextKey: contextKey,
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,125 +11,12 @@ import (
|
||||||
|
|
||||||
// Middleware tests based on https://github.com/unrolled/secure
|
// Middleware tests based on https://github.com/unrolled/secure
|
||||||
|
|
||||||
func Test_newSecure_sslForceHost(t *testing.T) {
|
|
||||||
type expected struct {
|
|
||||||
statusCode int
|
|
||||||
location string
|
|
||||||
}
|
|
||||||
|
|
||||||
testCases := []struct {
|
|
||||||
desc string
|
|
||||||
host string
|
|
||||||
cfg dynamic.Headers
|
|
||||||
expected
|
|
||||||
}{
|
|
||||||
{
|
|
||||||
desc: "http should return a 301",
|
|
||||||
host: "http://powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: true,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{
|
|
||||||
statusCode: http.StatusMovedPermanently,
|
|
||||||
location: "https://powpow.example.com",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
desc: "http sub domain should return a 301",
|
|
||||||
host: "http://www.powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: true,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{
|
|
||||||
statusCode: http.StatusMovedPermanently,
|
|
||||||
location: "https://powpow.example.com",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
desc: "https should return a 200",
|
|
||||||
host: "https://powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: true,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{statusCode: http.StatusOK},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
desc: "https sub domain should return a 301",
|
|
||||||
host: "https://www.powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: true,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{
|
|
||||||
statusCode: http.StatusMovedPermanently,
|
|
||||||
location: "https://powpow.example.com",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
desc: "http without force host and sub domain should return a 301",
|
|
||||||
host: "http://www.powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: false,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{
|
|
||||||
statusCode: http.StatusMovedPermanently,
|
|
||||||
location: "https://powpow.example.com",
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
desc: "https without force host and sub domain should return a 301",
|
|
||||||
host: "https://www.powpow.example.com",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
SSLRedirect: true,
|
|
||||||
SSLForceHost: false,
|
|
||||||
SSLHost: "powpow.example.com",
|
|
||||||
},
|
|
||||||
expected: expected{statusCode: http.StatusOK},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
||||||
_, _ = rw.Write([]byte("OK"))
|
|
||||||
})
|
|
||||||
|
|
||||||
for _, test := range testCases {
|
|
||||||
t.Run(test.desc, func(t *testing.T) {
|
|
||||||
mid := newSecure(next, test.cfg, "mymiddleware")
|
|
||||||
|
|
||||||
req := httptest.NewRequest(http.MethodGet, test.host, nil)
|
|
||||||
|
|
||||||
rw := httptest.NewRecorder()
|
|
||||||
|
|
||||||
mid.ServeHTTP(rw, req)
|
|
||||||
|
|
||||||
assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode)
|
|
||||||
assert.Equal(t, test.expected.location, rw.Header().Get("Location"))
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func Test_newSecure_modifyResponse(t *testing.T) {
|
func Test_newSecure_modifyResponse(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
desc string
|
desc string
|
||||||
cfg dynamic.Headers
|
cfg dynamic.Headers
|
||||||
expected http.Header
|
expected http.Header
|
||||||
}{
|
}{
|
||||||
{
|
|
||||||
desc: "FeaturePolicy",
|
|
||||||
cfg: dynamic.Headers{
|
|
||||||
FeaturePolicy: "vibrate 'none';",
|
|
||||||
},
|
|
||||||
expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "PermissionsPolicy",
|
desc: "PermissionsPolicy",
|
||||||
cfg: dynamic.Headers{
|
cfg: dynamic.Headers{
|
||||||
|
|
|
@ -19,20 +19,18 @@ const (
|
||||||
|
|
||||||
// stripPrefix is a middleware used to strip prefix from an URL request.
|
// stripPrefix is a middleware used to strip prefix from an URL request.
|
||||||
type stripPrefix struct {
|
type stripPrefix struct {
|
||||||
next http.Handler
|
next http.Handler
|
||||||
prefixes []string
|
prefixes []string
|
||||||
forceSlash bool // TODO Must be removed (breaking), the default behavior must be forceSlash=false
|
name string
|
||||||
name string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a new strip prefix middleware.
|
// New creates a new strip prefix middleware.
|
||||||
func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) {
|
func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) {
|
||||||
middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware")
|
middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware")
|
||||||
return &stripPrefix{
|
return &stripPrefix{
|
||||||
prefixes: config.Prefixes,
|
prefixes: config.Prefixes,
|
||||||
forceSlash: config.ForceSlash,
|
next: next,
|
||||||
next: next,
|
name: name,
|
||||||
name: name,
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -61,13 +59,6 @@ func (s *stripPrefix) serveRequest(rw http.ResponseWriter, req *http.Request, pr
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string {
|
func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string {
|
||||||
if s.forceSlash {
|
|
||||||
// Only for compatibility reason with the previous behavior,
|
|
||||||
// but the previous behavior is wrong.
|
|
||||||
// This needs to be removed in the next breaking version.
|
|
||||||
return "/" + strings.TrimPrefix(strings.TrimPrefix(urlPath, prefix), "/")
|
|
||||||
}
|
|
||||||
|
|
||||||
return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix))
|
return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -31,17 +31,6 @@ func TestStripPrefix(t *testing.T) {
|
||||||
expectedStatusCode: http.StatusOK,
|
expectedStatusCode: http.StatusOK,
|
||||||
expectedPath: "/noprefixes",
|
expectedPath: "/noprefixes",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "wildcard (.*) requests (ForceSlash)",
|
|
||||||
config: dynamic.StripPrefix{
|
|
||||||
Prefixes: []string{"/"},
|
|
||||||
ForceSlash: true,
|
|
||||||
},
|
|
||||||
path: "/",
|
|
||||||
expectedStatusCode: http.StatusOK,
|
|
||||||
expectedPath: "/",
|
|
||||||
expectedHeader: "/",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "wildcard (.*) requests",
|
desc: "wildcard (.*) requests",
|
||||||
config: dynamic.StripPrefix{
|
config: dynamic.StripPrefix{
|
||||||
|
@ -52,17 +41,6 @@ func TestStripPrefix(t *testing.T) {
|
||||||
expectedPath: "",
|
expectedPath: "",
|
||||||
expectedHeader: "/",
|
expectedHeader: "/",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "prefix and path matching (ForceSlash)",
|
|
||||||
config: dynamic.StripPrefix{
|
|
||||||
Prefixes: []string{"/stat"},
|
|
||||||
ForceSlash: true,
|
|
||||||
},
|
|
||||||
path: "/stat",
|
|
||||||
expectedStatusCode: http.StatusOK,
|
|
||||||
expectedPath: "/",
|
|
||||||
expectedHeader: "/stat",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "prefix and path matching",
|
desc: "prefix and path matching",
|
||||||
config: dynamic.StripPrefix{
|
config: dynamic.StripPrefix{
|
||||||
|
@ -73,17 +51,6 @@ func TestStripPrefix(t *testing.T) {
|
||||||
expectedPath: "",
|
expectedPath: "",
|
||||||
expectedHeader: "/stat",
|
expectedHeader: "/stat",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "path prefix on exactly matching path (ForceSlash)",
|
|
||||||
config: dynamic.StripPrefix{
|
|
||||||
Prefixes: []string{"/stat/"},
|
|
||||||
ForceSlash: true,
|
|
||||||
},
|
|
||||||
path: "/stat/",
|
|
||||||
expectedStatusCode: http.StatusOK,
|
|
||||||
expectedPath: "/",
|
|
||||||
expectedHeader: "/stat/",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "path prefix on exactly matching path",
|
desc: "path prefix on exactly matching path",
|
||||||
config: dynamic.StripPrefix{
|
config: dynamic.StripPrefix{
|
||||||
|
@ -133,17 +100,6 @@ func TestStripPrefix(t *testing.T) {
|
||||||
expectedPath: "/us",
|
expectedPath: "/us",
|
||||||
expectedHeader: "/stat",
|
expectedHeader: "/stat",
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "later prefix matching (ForceSlash)",
|
|
||||||
config: dynamic.StripPrefix{
|
|
||||||
Prefixes: []string{"/mismatch", "/stat"},
|
|
||||||
ForceSlash: true,
|
|
||||||
},
|
|
||||||
path: "/stat",
|
|
||||||
expectedStatusCode: http.StatusOK,
|
|
||||||
expectedPath: "/",
|
|
||||||
expectedHeader: "/stat",
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "later prefix matching",
|
desc: "later prefix matching",
|
||||||
config: dynamic.StripPrefix{
|
config: dynamic.StripPrefix{
|
||||||
|
|
|
@ -35,8 +35,7 @@ const (
|
||||||
const pluginsURL = "https://plugins.traefik.io/public/"
|
const pluginsURL = "https://plugins.traefik.io/public/"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
hashHeader = "X-Plugin-Hash"
|
hashHeader = "X-Plugin-Hash"
|
||||||
tokenHeader = "X-Token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// ClientOptions the options of a Traefik plugins client.
|
// ClientOptions the options of a Traefik plugins client.
|
||||||
|
@ -49,7 +48,6 @@ type Client struct {
|
||||||
HTTPClient *http.Client
|
HTTPClient *http.Client
|
||||||
baseURL *url.URL
|
baseURL *url.URL
|
||||||
|
|
||||||
token string
|
|
||||||
archives string
|
archives string
|
||||||
stateFile string
|
stateFile string
|
||||||
goPath string
|
goPath string
|
||||||
|
@ -158,10 +156,6 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
|
||||||
req.Header.Set(hashHeader, hash)
|
req.Header.Set(hashHeader, hash)
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.token != "" {
|
|
||||||
req.Header.Set(tokenHeader, c.token)
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, err := c.HTTPClient.Do(req)
|
resp, err := c.HTTPClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("failed to call service: %w", err)
|
return "", fmt.Errorf("failed to call service: %w", err)
|
||||||
|
@ -222,10 +216,6 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error
|
||||||
req.Header.Set(hashHeader, hash)
|
req.Header.Set(hashHeader, hash)
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.token != "" {
|
|
||||||
req.Header.Set(tokenHeader, c.token)
|
|
||||||
}
|
|
||||||
|
|
||||||
resp, err := c.HTTPClient.Do(req)
|
resp, err := c.HTTPClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to call service: %w", err)
|
return fmt.Errorf("failed to call service: %w", err)
|
||||||
|
|
|
@ -3070,7 +3070,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
func TestNamespaces(t *testing.T) {
|
func TestNamespaces(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
desc string
|
desc string
|
||||||
namespace string
|
|
||||||
namespaces []string
|
namespaces []string
|
||||||
expectedNamespaces []string
|
expectedNamespaces []string
|
||||||
}{
|
}{
|
||||||
|
@ -3078,11 +3077,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
desc: "no defined namespaces",
|
desc: "no defined namespaces",
|
||||||
expectedNamespaces: []string{""},
|
expectedNamespaces: []string{""},
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "deprecated: use of defined namespace",
|
|
||||||
namespace: "test-ns",
|
|
||||||
expectedNamespaces: []string{"test-ns"},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "use of 1 defined namespaces",
|
desc: "use of 1 defined namespaces",
|
||||||
namespaces: []string{"test-ns"},
|
namespaces: []string{"test-ns"},
|
||||||
|
@ -3102,7 +3096,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
pb := &ProviderBuilder{
|
pb := &ProviderBuilder{
|
||||||
Namespace: test.namespace,
|
|
||||||
Namespaces: test.namespaces,
|
Namespaces: test.namespaces,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -49,25 +49,15 @@ type itemData struct {
|
||||||
type ProviderBuilder struct {
|
type ProviderBuilder struct {
|
||||||
Configuration `yaml:",inline" export:"true"`
|
Configuration `yaml:",inline" export:"true"`
|
||||||
|
|
||||||
// Deprecated: use Namespaces option instead.
|
|
||||||
Namespace string `description:"Sets the namespace used to discover services (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
|
||||||
Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// BuildProviders builds Consul Catalog provider instances for the given namespaces configuration.
|
// BuildProviders builds Consul Catalog provider instances for the given namespaces configuration.
|
||||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||||
// We can warn about that, because we've already made sure before that
|
|
||||||
// Namespace and Namespaces are mutually exclusive.
|
|
||||||
if p.Namespace != "" {
|
|
||||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(p.Namespaces) == 0 {
|
if len(p.Namespaces) == 0 {
|
||||||
return []*Provider{{
|
return []*Provider{{
|
||||||
Configuration: p.Configuration,
|
Configuration: p.Configuration,
|
||||||
name: providerName,
|
name: providerName,
|
||||||
// p.Namespace could very well be empty.
|
|
||||||
namespace: p.Namespace,
|
|
||||||
}}
|
}}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -626,7 +626,6 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp
|
||||||
}
|
}
|
||||||
|
|
||||||
forwardAuth.TLS = &types.ClientTLS{
|
forwardAuth.TLS = &types.ClientTLS{
|
||||||
CAOptional: auth.TLS.CAOptional,
|
|
||||||
InsecureSkipVerify: auth.TLS.InsecureSkipVerify,
|
InsecureSkipVerify: auth.TLS.InsecureSkipVerify,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5144,8 +5144,7 @@ func TestCrossNamespace(t *testing.T) {
|
||||||
Middlewares: map[string]*dynamic.Middleware{
|
Middlewares: map[string]*dynamic.Middleware{
|
||||||
"cross-ns-stripprefix": {
|
"cross-ns-stripprefix": {
|
||||||
StripPrefix: &dynamic.StripPrefix{
|
StripPrefix: &dynamic.StripPrefix{
|
||||||
Prefixes: []string{"/stripit"},
|
Prefixes: []string{"/stripit"},
|
||||||
ForceSlash: false,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -5215,8 +5214,7 @@ func TestCrossNamespace(t *testing.T) {
|
||||||
Middlewares: map[string]*dynamic.Middleware{
|
Middlewares: map[string]*dynamic.Middleware{
|
||||||
"cross-ns-stripprefix": {
|
"cross-ns-stripprefix": {
|
||||||
StripPrefix: &dynamic.StripPrefix{
|
StripPrefix: &dynamic.StripPrefix{
|
||||||
Prefixes: []string{"/stripit"},
|
Prefixes: []string{"/stripit"},
|
||||||
ForceSlash: false,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"default-test-errorpage": {
|
"default-test-errorpage": {
|
||||||
|
|
|
@ -167,7 +167,6 @@ type ClientTLS struct {
|
||||||
CertSecret string `json:"certSecret,omitempty"`
|
CertSecret string `json:"certSecret,omitempty"`
|
||||||
// InsecureSkipVerify defines whether the server certificates should be validated.
|
// InsecureSkipVerify defines whether the server certificates should be validated.
|
||||||
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
|
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
|
||||||
CAOptional bool `json:"caOptional,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// +k8s:deepcopy-gen=true
|
// +k8s:deepcopy-gen=true
|
||||||
|
|
|
@ -41,10 +41,6 @@ type TLSOptionSpec struct {
|
||||||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||||
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
||||||
SniStrict bool `json:"sniStrict,omitempty"`
|
SniStrict bool `json:"sniStrict,omitempty"`
|
||||||
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
|
||||||
// It is enabled automatically when minVersion or maxVersion is set.
|
|
||||||
// Deprecated: https://github.com/golang/go/issues/45430
|
|
||||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
|
|
||||||
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||||
// More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols
|
// More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols
|
||||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||||
|
|
|
@ -7,7 +7,6 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/kvtools/consul"
|
"github.com/kvtools/consul"
|
||||||
"github.com/rs/zerolog/log"
|
|
||||||
"github.com/traefik/traefik/v2/pkg/provider"
|
"github.com/traefik/traefik/v2/pkg/provider"
|
||||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||||
"github.com/traefik/traefik/v2/pkg/types"
|
"github.com/traefik/traefik/v2/pkg/types"
|
||||||
|
@ -25,8 +24,6 @@ type ProviderBuilder struct {
|
||||||
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
||||||
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
||||||
|
|
||||||
// Deprecated: use Namespaces instead.
|
|
||||||
Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
|
||||||
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,20 +35,12 @@ func (p *ProviderBuilder) SetDefaults() {
|
||||||
|
|
||||||
// BuildProviders builds Consul provider instances for the given namespaces configuration.
|
// BuildProviders builds Consul provider instances for the given namespaces configuration.
|
||||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||||
// We can warn about that, because we've already made sure before that
|
|
||||||
// Namespace and Namespaces are mutually exclusive.
|
|
||||||
if p.Namespace != "" {
|
|
||||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(p.Namespaces) == 0 {
|
if len(p.Namespaces) == 0 {
|
||||||
return []*Provider{{
|
return []*Provider{{
|
||||||
Provider: p.Provider,
|
Provider: p.Provider,
|
||||||
name: providerName,
|
name: providerName,
|
||||||
// p.Namespace could very well be empty.
|
token: p.Token,
|
||||||
namespace: p.Namespace,
|
tls: p.TLS,
|
||||||
token: p.Token,
|
|
||||||
tls: p.TLS,
|
|
||||||
}}
|
}}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,6 @@ import (
|
||||||
func TestNamespaces(t *testing.T) {
|
func TestNamespaces(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
desc string
|
desc string
|
||||||
namespace string
|
|
||||||
namespaces []string
|
namespaces []string
|
||||||
expectedNamespaces []string
|
expectedNamespaces []string
|
||||||
}{
|
}{
|
||||||
|
@ -17,11 +16,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
desc: "no defined namespaces",
|
desc: "no defined namespaces",
|
||||||
expectedNamespaces: []string{""},
|
expectedNamespaces: []string{""},
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "deprecated: use of defined namespace",
|
|
||||||
namespace: "test-ns",
|
|
||||||
expectedNamespaces: []string{"test-ns"},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "use of 1 defined namespaces",
|
desc: "use of 1 defined namespaces",
|
||||||
namespaces: []string{"test-ns"},
|
namespaces: []string{"test-ns"},
|
||||||
|
@ -41,7 +35,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
pb := &ProviderBuilder{
|
pb := &ProviderBuilder{
|
||||||
Namespace: test.namespace,
|
|
||||||
Namespaces: test.namespaces,
|
Namespaces: test.namespaces,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -79,7 +79,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar",
|
"traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar",
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true",
|
"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true",
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar",
|
"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar",
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/caOptional": "true",
|
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar",
|
"traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar",
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar",
|
"traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar",
|
||||||
"traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true",
|
"traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true",
|
||||||
|
@ -106,12 +105,8 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true",
|
"traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true",
|
||||||
"traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true",
|
"traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true",
|
||||||
"traefik/http/middlewares/Middleware09/headers/featurePolicy": "foobar",
|
|
||||||
"traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true",
|
"traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true",
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslRedirect": "true",
|
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslHost": "foobar",
|
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslForceHost": "true",
|
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar",
|
||||||
|
@ -130,7 +125,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true",
|
"traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true",
|
||||||
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/sslTemporaryRedirect": "true",
|
|
||||||
"traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar",
|
||||||
"traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar",
|
"traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar",
|
||||||
|
@ -206,7 +200,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"traefik/http/middlewares/Middleware18/retry/attempts": "42",
|
"traefik/http/middlewares/Middleware18/retry/attempts": "42",
|
||||||
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar",
|
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar",
|
||||||
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar",
|
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar",
|
||||||
"traefik/http/middlewares/Middleware19/stripPrefix/forceSlash": "true",
|
|
||||||
"traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar",
|
"traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar",
|
||||||
"traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar",
|
"traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar",
|
||||||
"traefik/tcp/routers/TCPRouter0/service": "foobar",
|
"traefik/tcp/routers/TCPRouter0/service": "foobar",
|
||||||
|
@ -378,7 +371,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"foobar",
|
"foobar",
|
||||||
},
|
},
|
||||||
ForceSlash: true,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Middleware00": {
|
"Middleware00": {
|
||||||
|
@ -413,7 +405,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
Address: "foobar",
|
Address: "foobar",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "foobar",
|
CA: "foobar",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "foobar",
|
Cert: "foobar",
|
||||||
Key: "foobar",
|
Key: "foobar",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -589,14 +580,10 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
"foobar",
|
"foobar",
|
||||||
"foobar",
|
"foobar",
|
||||||
},
|
},
|
||||||
SSLRedirect: true,
|
|
||||||
SSLTemporaryRedirect: true,
|
|
||||||
SSLHost: "foobar",
|
|
||||||
SSLProxyHeaders: map[string]string{
|
SSLProxyHeaders: map[string]string{
|
||||||
"name1": "foobar",
|
"name1": "foobar",
|
||||||
"name0": "foobar",
|
"name0": "foobar",
|
||||||
},
|
},
|
||||||
SSLForceHost: true,
|
|
||||||
STSSeconds: 42,
|
STSSeconds: 42,
|
||||||
STSIncludeSubdomains: true,
|
STSIncludeSubdomains: true,
|
||||||
STSPreload: true,
|
STSPreload: true,
|
||||||
|
@ -609,7 +596,6 @@ func Test_buildConfiguration(t *testing.T) {
|
||||||
ContentSecurityPolicy: "foobar",
|
ContentSecurityPolicy: "foobar",
|
||||||
PublicKey: "foobar",
|
PublicKey: "foobar",
|
||||||
ReferrerPolicy: "foobar",
|
ReferrerPolicy: "foobar",
|
||||||
FeaturePolicy: "foobar",
|
|
||||||
PermissionsPolicy: "foobar",
|
PermissionsPolicy: "foobar",
|
||||||
IsDevelopment: true,
|
IsDevelopment: true,
|
||||||
},
|
},
|
||||||
|
|
|
@ -2611,7 +2611,6 @@ func Test_keepItem(t *testing.T) {
|
||||||
func TestNamespaces(t *testing.T) {
|
func TestNamespaces(t *testing.T) {
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
desc string
|
desc string
|
||||||
namespace string
|
|
||||||
namespaces []string
|
namespaces []string
|
||||||
expectedNamespaces []string
|
expectedNamespaces []string
|
||||||
}{
|
}{
|
||||||
|
@ -2619,11 +2618,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
desc: "no defined namespaces",
|
desc: "no defined namespaces",
|
||||||
expectedNamespaces: []string{""},
|
expectedNamespaces: []string{""},
|
||||||
},
|
},
|
||||||
{
|
|
||||||
desc: "deprecated: use of defined namespace",
|
|
||||||
namespace: "test-ns",
|
|
||||||
expectedNamespaces: []string{"test-ns"},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
desc: "use of 1 defined namespaces",
|
desc: "use of 1 defined namespaces",
|
||||||
namespaces: []string{"test-ns"},
|
namespaces: []string{"test-ns"},
|
||||||
|
@ -2643,7 +2637,6 @@ func TestNamespaces(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
pb := &ProviderBuilder{
|
pb := &ProviderBuilder{
|
||||||
Namespace: test.namespace,
|
|
||||||
Namespaces: test.namespaces,
|
Namespaces: test.namespaces,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,23 +52,15 @@ type item struct {
|
||||||
type ProviderBuilder struct {
|
type ProviderBuilder struct {
|
||||||
Configuration `yaml:",inline" export:"true"`
|
Configuration `yaml:",inline" export:"true"`
|
||||||
|
|
||||||
// Deprecated: Use Namespaces option instead
|
|
||||||
Namespace string `description:"Sets the Nomad namespace used to discover services." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
|
||||||
Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// BuildProviders builds Nomad provider instances for the given namespaces configuration.
|
// BuildProviders builds Nomad provider instances for the given namespaces configuration.
|
||||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||||
if p.Namespace != "" {
|
|
||||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(p.Namespaces) == 0 {
|
if len(p.Namespaces) == 0 {
|
||||||
return []*Provider{{
|
return []*Provider{{
|
||||||
Configuration: p.Configuration,
|
Configuration: p.Configuration,
|
||||||
name: providerName,
|
name: providerName,
|
||||||
// p.Namespace could be empty
|
|
||||||
namespace: p.Namespace,
|
|
||||||
}}
|
}}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -175,8 +175,7 @@ func init() {
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
},
|
},
|
||||||
StripPrefix: &dynamic.StripPrefix{
|
StripPrefix: &dynamic.StripPrefix{
|
||||||
Prefixes: []string{"foo"},
|
Prefixes: []string{"foo"},
|
||||||
ForceSlash: true,
|
|
||||||
},
|
},
|
||||||
StripPrefixRegex: &dynamic.StripPrefixRegex{
|
StripPrefixRegex: &dynamic.StripPrefixRegex{
|
||||||
Regex: []string{"foo"},
|
Regex: []string{"foo"},
|
||||||
|
@ -211,11 +210,7 @@ func init() {
|
||||||
AddVaryHeader: true,
|
AddVaryHeader: true,
|
||||||
AllowedHosts: []string{"foo"},
|
AllowedHosts: []string{"foo"},
|
||||||
HostsProxyHeaders: []string{"foo"},
|
HostsProxyHeaders: []string{"foo"},
|
||||||
SSLRedirect: true,
|
|
||||||
SSLTemporaryRedirect: true,
|
|
||||||
SSLHost: "foo",
|
|
||||||
SSLProxyHeaders: map[string]string{"foo": "bar"},
|
SSLProxyHeaders: map[string]string{"foo": "bar"},
|
||||||
SSLForceHost: true,
|
|
||||||
STSSeconds: 42,
|
STSSeconds: 42,
|
||||||
STSIncludeSubdomains: true,
|
STSIncludeSubdomains: true,
|
||||||
STSPreload: true,
|
STSPreload: true,
|
||||||
|
@ -228,7 +223,6 @@ func init() {
|
||||||
ContentSecurityPolicy: "foo",
|
ContentSecurityPolicy: "foo",
|
||||||
PublicKey: "foo",
|
PublicKey: "foo",
|
||||||
ReferrerPolicy: "foo",
|
ReferrerPolicy: "foo",
|
||||||
FeaturePolicy: "foo",
|
|
||||||
PermissionsPolicy: "foo",
|
PermissionsPolicy: "foo",
|
||||||
IsDevelopment: true,
|
IsDevelopment: true,
|
||||||
},
|
},
|
||||||
|
@ -278,7 +272,6 @@ func init() {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "ca.pem",
|
CA: "ca.pem",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "cert.pem",
|
Cert: "cert.pem",
|
||||||
Key: "cert.pem",
|
Key: "cert.pem",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -592,7 +585,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
DefaultRule: "PathPrefix(`/`)",
|
DefaultRule: "PathPrefix(`/`)",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -615,7 +607,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
DCOSToken: "foobar",
|
DCOSToken: "foobar",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -691,7 +682,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
Token: "MyToken",
|
Token: "MyToken",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -710,7 +700,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
ExposedByDefault: true,
|
ExposedByDefault: true,
|
||||||
DefaultRule: "PathPrefix(`/`)",
|
DefaultRule: "PathPrefix(`/`)",
|
||||||
},
|
},
|
||||||
Namespace: "ns",
|
|
||||||
Namespaces: []string{"ns1", "ns2"},
|
Namespaces: []string{"ns1", "ns2"},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -735,12 +724,10 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
Token: "secret",
|
Token: "secret",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
},
|
},
|
||||||
Namespace: "ns",
|
|
||||||
Namespaces: []string{"ns1", "ns2"},
|
Namespaces: []string{"ns1", "ns2"},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -753,7 +740,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
Password: "password",
|
Password: "password",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -778,7 +764,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
Password: "password",
|
Password: "password",
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -791,7 +776,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
PollTimeout: 42,
|
PollTimeout: 42,
|
||||||
TLS: &types.ClientTLS{
|
TLS: &types.ClientTLS{
|
||||||
CA: "myCa",
|
CA: "myCa",
|
||||||
CAOptional: true,
|
|
||||||
Cert: "mycert.pem",
|
Cert: "mycert.pem",
|
||||||
Key: "mycert.key",
|
Key: "mycert.key",
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
@ -903,7 +887,7 @@ func TestDo_staticConfiguration(t *testing.T) {
|
||||||
},
|
},
|
||||||
Datadog: &datadog.Config{
|
Datadog: &datadog.Config{
|
||||||
LocalAgentHostPort: "foobar",
|
LocalAgentHostPort: "foobar",
|
||||||
GlobalTag: "foobar",
|
GlobalTags: map[string]string{"foobar": "foobar"},
|
||||||
Debug: true,
|
Debug: true,
|
||||||
PrioritySampling: true,
|
PrioritySampling: true,
|
||||||
TraceIDHeaderName: "foobar",
|
TraceIDHeaderName: "foobar",
|
||||||
|
|
|
@ -99,8 +99,7 @@
|
||||||
"stripPrefix": {
|
"stripPrefix": {
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo"
|
"foo"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"stripPrefixRegex": {
|
"stripPrefixRegex": {
|
||||||
"regex": [
|
"regex": [
|
||||||
|
@ -161,10 +160,6 @@
|
||||||
"hostsProxyHeaders": [
|
"hostsProxyHeaders": [
|
||||||
"foo"
|
"foo"
|
||||||
],
|
],
|
||||||
"sslRedirect": true,
|
|
||||||
"sslTemporaryRedirect": true,
|
|
||||||
"sslHost": "xxxx",
|
|
||||||
"sslForceHost": true,
|
|
||||||
"stsSeconds": 42,
|
"stsSeconds": 42,
|
||||||
"stsIncludeSubdomains": true,
|
"stsIncludeSubdomains": true,
|
||||||
"stsPreload": true,
|
"stsPreload": true,
|
||||||
|
@ -177,7 +172,6 @@
|
||||||
"contentSecurityPolicy": "xxxx",
|
"contentSecurityPolicy": "xxxx",
|
||||||
"publicKey": "xxxx",
|
"publicKey": "xxxx",
|
||||||
"referrerPolicy": "foo",
|
"referrerPolicy": "foo",
|
||||||
"featurePolicy": "foo",
|
|
||||||
"permissionsPolicy": "foo",
|
"permissionsPolicy": "foo",
|
||||||
"isDevelopment": true
|
"isDevelopment": true
|
||||||
},
|
},
|
||||||
|
@ -235,7 +229,6 @@
|
||||||
"address": "xxxx",
|
"address": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
|
|
@ -83,7 +83,6 @@
|
||||||
"defaultRule": "xxxx",
|
"defaultRule": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -111,7 +110,6 @@
|
||||||
"dcosToken": "xxxx",
|
"dcosToken": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -189,7 +187,6 @@
|
||||||
"token": "xxxx",
|
"token": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -207,7 +204,6 @@
|
||||||
"cache": true,
|
"cache": true,
|
||||||
"exposedByDefault": true,
|
"exposedByDefault": true,
|
||||||
"defaultRule": "xxxx",
|
"defaultRule": "xxxx",
|
||||||
"namespace": "xxxx",
|
|
||||||
"namespaces": [
|
"namespaces": [
|
||||||
"xxxx",
|
"xxxx",
|
||||||
"xxxx"
|
"xxxx"
|
||||||
|
@ -233,12 +229,10 @@
|
||||||
"token": "xxxx",
|
"token": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
},
|
},
|
||||||
"namespace": "xxxx",
|
|
||||||
"namespaces": [
|
"namespaces": [
|
||||||
"xxxx",
|
"xxxx",
|
||||||
"xxxx"
|
"xxxx"
|
||||||
|
@ -248,7 +242,6 @@
|
||||||
"rootKey": "xxxx",
|
"rootKey": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -265,7 +258,6 @@
|
||||||
"rootKey": "xxxx",
|
"rootKey": "xxxx",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -279,7 +271,6 @@
|
||||||
"pollTimeout": "42ns",
|
"pollTimeout": "42ns",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "xxxx",
|
"ca": "xxxx",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "xxxx",
|
"cert": "xxxx",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
@ -394,7 +385,9 @@
|
||||||
},
|
},
|
||||||
"datadog": {
|
"datadog": {
|
||||||
"localAgentHostPort": "xxxx",
|
"localAgentHostPort": "xxxx",
|
||||||
"globalTag": "foobar",
|
"globalTags": {
|
||||||
|
"foobar": "foobar"
|
||||||
|
},
|
||||||
"debug": true,
|
"debug": true,
|
||||||
"prioritySampling": true,
|
"prioritySampling": true,
|
||||||
"traceIDHeaderName": "foobar",
|
"traceIDHeaderName": "foobar",
|
||||||
|
|
|
@ -99,8 +99,7 @@
|
||||||
"stripPrefix": {
|
"stripPrefix": {
|
||||||
"prefixes": [
|
"prefixes": [
|
||||||
"foo"
|
"foo"
|
||||||
],
|
]
|
||||||
"forceSlash": true
|
|
||||||
},
|
},
|
||||||
"stripPrefixRegex": {
|
"stripPrefixRegex": {
|
||||||
"regex": [
|
"regex": [
|
||||||
|
@ -161,13 +160,9 @@
|
||||||
"hostsProxyHeaders": [
|
"hostsProxyHeaders": [
|
||||||
"foo"
|
"foo"
|
||||||
],
|
],
|
||||||
"sslRedirect": true,
|
|
||||||
"sslTemporaryRedirect": true,
|
|
||||||
"sslHost": "foo",
|
|
||||||
"sslProxyHeaders": {
|
"sslProxyHeaders": {
|
||||||
"foo": "bar"
|
"foo": "bar"
|
||||||
},
|
},
|
||||||
"sslForceHost": true,
|
|
||||||
"stsSeconds": 42,
|
"stsSeconds": 42,
|
||||||
"stsIncludeSubdomains": true,
|
"stsIncludeSubdomains": true,
|
||||||
"stsPreload": true,
|
"stsPreload": true,
|
||||||
|
@ -180,7 +175,6 @@
|
||||||
"contentSecurityPolicy": "foo",
|
"contentSecurityPolicy": "foo",
|
||||||
"publicKey": "foo",
|
"publicKey": "foo",
|
||||||
"referrerPolicy": "foo",
|
"referrerPolicy": "foo",
|
||||||
"featurePolicy": "foo",
|
|
||||||
"permissionsPolicy": "foo",
|
"permissionsPolicy": "foo",
|
||||||
"isDevelopment": true
|
"isDevelopment": true
|
||||||
},
|
},
|
||||||
|
@ -238,7 +232,6 @@
|
||||||
"address": "127.0.0.1",
|
"address": "127.0.0.1",
|
||||||
"tls": {
|
"tls": {
|
||||||
"ca": "ca.pem",
|
"ca": "ca.pem",
|
||||||
"caOptional": true,
|
|
||||||
"cert": "cert.pem",
|
"cert": "cert.pem",
|
||||||
"key": "xxxx",
|
"key": "xxxx",
|
||||||
"insecureSkipVerify": true
|
"insecureSkipVerify": true
|
||||||
|
|
|
@ -18,14 +18,13 @@ type ClientAuth struct {
|
||||||
|
|
||||||
// Options configures TLS for an entry point.
|
// Options configures TLS for an entry point.
|
||||||
type Options struct {
|
type Options struct {
|
||||||
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
|
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
|
||||||
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
|
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
|
||||||
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
|
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
|
||||||
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
|
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
|
||||||
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
|
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
|
||||||
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
|
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
|
||||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430
|
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
|
||||||
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetDefaults sets the default values for an Options struct.
|
// SetDefaults sets the default values for an Options struct.
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/opentracing/opentracing-go"
|
"github.com/opentracing/opentracing-go"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
|
@ -18,9 +17,7 @@ const Name = "datadog"
|
||||||
|
|
||||||
// Config provides configuration settings for a datadog tracer.
|
// Config provides configuration settings for a datadog tracer.
|
||||||
type Config struct {
|
type Config struct {
|
||||||
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
|
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
|
||||||
// Deprecated: use GlobalTags instead.
|
|
||||||
GlobalTag string `description:"Sets a key:value tag on all spans." json:"globalTag,omitempty" toml:"globalTag,omitempty" yaml:"globalTag,omitempty" export:"true"`
|
|
||||||
GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"`
|
GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"`
|
||||||
Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
|
Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
|
||||||
PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"`
|
PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"`
|
||||||
|
@ -66,17 +63,6 @@ func (c *Config) Setup(serviceName string) (opentracing.Tracer, io.Closer, error
|
||||||
opts = append(opts, datadog.WithGlobalTag(k, v))
|
opts = append(opts, datadog.WithGlobalTag(k, v))
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.GlobalTag != "" {
|
|
||||||
logger.Warn().Msg(`Datadog: option "globalTag" is deprecated, please use "globalTags" instead.`)
|
|
||||||
|
|
||||||
key, value, _ := strings.Cut(c.GlobalTag, ":")
|
|
||||||
|
|
||||||
// Don't override a tag already defined with the new option.
|
|
||||||
if _, ok := c.GlobalTags[key]; !ok {
|
|
||||||
opts = append(opts, datadog.WithGlobalTag(key, value))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if c.PrioritySampling {
|
if c.PrioritySampling {
|
||||||
opts = append(opts, datadog.WithPrioritySampling())
|
opts = append(opts, datadog.WithPrioritySampling())
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,9 +16,7 @@ import (
|
||||||
// ClientTLS holds TLS specific configurations as client
|
// ClientTLS holds TLS specific configurations as client
|
||||||
// CA, Cert and Key can be either path or file contents.
|
// CA, Cert and Key can be either path or file contents.
|
||||||
type ClientTLS struct {
|
type ClientTLS struct {
|
||||||
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
|
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
|
||||||
// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
|
|
||||||
CAOptional bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
|
|
||||||
Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
|
Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
|
||||||
Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
|
Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
|
||||||
InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
|
InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
|
||||||
|
@ -31,10 +29,6 @@ func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if c.CAOptional {
|
|
||||||
log.Ctx(ctx).Warn().Msg("CAOptional is deprecated, TLS client authentication is a server side option.")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Not initialized, to rely on system bundle.
|
// Not initialized, to rely on system bundle.
|
||||||
var caPool *x509.CertPool
|
var caPool *x509.CertPool
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue