Remove deprecated options
This commit is contained in:
parent
bee86b5ac7
commit
a3e4c85ec0
62 changed files with 43 additions and 985 deletions
|
@ -134,14 +134,6 @@ issues:
|
|||
exclude:
|
||||
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
|
||||
- "should have a package comment, unless it's in another file for this package"
|
||||
- 'SA1019: cfg.SSLRedirect is deprecated'
|
||||
- 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
|
||||
- 'SA1019: cfg.SSLHost is deprecated'
|
||||
- 'SA1019: cfg.SSLForceHost is deprecated'
|
||||
- 'SA1019: cfg.FeaturePolicy is deprecated'
|
||||
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
|
||||
- 'SA1019: c.Providers.Consul.Namespace is deprecated'
|
||||
- 'SA1019: c.Providers.Nomad.Namespace is deprecated'
|
||||
exclude-rules:
|
||||
- path: '(.+)_test.go'
|
||||
linters:
|
||||
|
|
|
@ -204,10 +204,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if staticConfiguration.Pilot != nil {
|
||||
log.Warn().Msg("Traefik Pilot has been removed.")
|
||||
}
|
||||
|
||||
// Plugins
|
||||
|
||||
pluginBuilder, err := createPluginBuilder(staticConfiguration)
|
||||
|
|
|
@ -2,33 +2,4 @@
|
|||
|
||||
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
|
||||
|
||||
| Feature | Deprecated | End of Support | Removal |
|
||||
|-------------------------------------------------------------|------------|----------------|---------|
|
||||
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
|
||||
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
|
||||
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
|
||||
| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 |
|
||||
|
||||
## Impact
|
||||
|
||||
### Pilot
|
||||
|
||||
Metrics will continue to function normally up to 2.8, when they will be disabled.
|
||||
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
|
||||
|
||||
Starting on 2.7 the pilot token will not be a requirement anymore for plugins.
|
||||
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from Pilot.
|
||||
|
||||
### Consul Enterprise Namespace
|
||||
|
||||
Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated,
|
||||
please use the `namespaces` options instead.
|
||||
|
||||
### TLS 1.0 and 1.1
|
||||
|
||||
Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration.
|
||||
|
||||
### Nomad Namespace
|
||||
|
||||
Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
|
||||
please use the `namespaces` options instead.
|
||||
There is no feature deprecation in Traefik v3 for now.
|
||||
|
|
|
@ -364,43 +364,11 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
|
|||
|
||||
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
||||
|
||||
### `sslRedirect`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
||||
|
||||
The `sslRedirect` only allow HTTPS requests when set to `true`.
|
||||
|
||||
### `sslTemporaryRedirect`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
|
||||
|
||||
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
|
||||
|
||||
### `sslHost`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
||||
|
||||
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
|
||||
|
||||
### `sslProxyHeaders`
|
||||
|
||||
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
|
||||
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
|
||||
|
||||
### `sslForceHost`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
|
||||
|
||||
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
|
||||
|
||||
### `stsSeconds`
|
||||
|
||||
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
|
||||
|
@ -452,14 +420,6 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
|
|||
|
||||
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
|
||||
|
||||
### `featurePolicy`
|
||||
|
||||
!!! warning
|
||||
|
||||
Deprecated in favor of `permissionsPolicy`
|
||||
|
||||
The `featurePolicy` allows sites to control browser features.
|
||||
|
||||
### `permissionsPolicy`
|
||||
|
||||
The `permissionsPolicy` allows sites to control browser features.
|
||||
|
|
|
@ -88,85 +88,3 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
|
|||
|
||||
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
|
||||
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
|
||||
|
||||
### `forceSlash`
|
||||
|
||||
_Optional, Default=true_
|
||||
|
||||
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
|
||||
|
||||
This option was added to keep the initial (non-intuitive) behavior of this middleware, in order to avoid introducing a breaking change.
|
||||
|
||||
It is recommended to explicitly set `forceSlash` to `false`.
|
||||
|
||||
??? info "Behavior examples"
|
||||
|
||||
- `forceSlash=true`
|
||||
|
||||
| Path | Prefix to strip | Result |
|
||||
|------------|-----------------|--------|
|
||||
| `/` | `/` | `/` |
|
||||
| `/foo` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo/` | `/` |
|
||||
| `/bar` | `/foo` | `/bar` |
|
||||
| `/foo/bar` | `/foo` | `/bar` |
|
||||
|
||||
- `forceSlash=false`
|
||||
|
||||
| Path | Prefix to strip | Result |
|
||||
|------------|-----------------|--------|
|
||||
| `/` | `/` | empty |
|
||||
| `/foo` | `/foo` | empty |
|
||||
| `/foo/` | `/foo` | `/` |
|
||||
| `/foo/` | `/foo/` | empty |
|
||||
| `/bar` | `/foo` | `/bar` |
|
||||
| `/foo/bar` | `/foo` | `/bar` |
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
|
||||
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: example
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/foobar"
|
||||
forceSlash: false
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
|
||||
"traefik.http.middlewares.example.stripprefix.forceSlash": "false"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
|
||||
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
http:
|
||||
middlewares:
|
||||
example:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/foobar"
|
||||
forceSlash: false
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[http.middlewares]
|
||||
[http.middlewares.example.stripPrefix]
|
||||
prefixes = ["/foobar"]
|
||||
forceSlash = false
|
||||
```
|
||||
|
|
|
@ -19,4 +19,14 @@ In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing
|
|||
|
||||
## gRPC Metrics
|
||||
|
||||
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
|
||||
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
|
||||
|
||||
## Deprecated Options Removal
|
||||
|
||||
- The `pilot` option has been removed from the static configuration.
|
||||
- The `tracing.datadog.globaltag` option has been removed.
|
||||
- The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed.
|
||||
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers.
|
||||
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
|
||||
- The `forceSlash` option of the StripPrefix middleware has been removed.
|
||||
- the `preferServerCipherSuites` option has been removed.
|
||||
|
|
|
@ -65,30 +65,6 @@ tracing:
|
|||
--tracing.datadog.debug=true
|
||||
```
|
||||
|
||||
#### `globalTag`
|
||||
|
||||
??? warning "Deprecated in favor of the [`globalTags`](#globaltags) option."
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
||||
Applies a shared key:value tag on all spans.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
tracing:
|
||||
datadog:
|
||||
globalTag: sample
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[tracing]
|
||||
[tracing.datadog]
|
||||
globalTag = "sample"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--tracing.datadog.globalTag=sample
|
||||
```
|
||||
|
||||
#### `globalTags`
|
||||
|
||||
_Optional, Default=empty_
|
||||
|
|
|
@ -667,41 +667,6 @@ providers:
|
|||
|
||||
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||||
|
||||
### `namespace`
|
||||
|
||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
The `namespace` option defines the namespace in which the consul catalog services will be discovered.
|
||||
|
||||
!!! warning
|
||||
|
||||
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
|
||||
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
|
||||
|
||||
!!! warning
|
||||
|
||||
One should only define either the `namespaces` option or the `namespace` option.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
consulCatalog:
|
||||
namespace: "production"
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.consulCatalog]
|
||||
namespace = "production"
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.consulcatalog.namespace=production
|
||||
# ...
|
||||
```
|
||||
|
||||
### `namespaces`
|
||||
|
||||
_Optional, Default=""_
|
||||
|
|
|
@ -59,40 +59,6 @@ providers:
|
|||
--providers.consul.rootkey=traefik
|
||||
```
|
||||
|
||||
### `namespace`
|
||||
|
||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
The `namespace` option defines the namespace to query.
|
||||
|
||||
!!! warning
|
||||
|
||||
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
|
||||
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
|
||||
|
||||
!!! warning
|
||||
|
||||
One should only define either the `namespaces` option or the `namespace` option.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
consul:
|
||||
# ...
|
||||
namespace: "production"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.consul]
|
||||
# ...
|
||||
namespace = "production"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.consul.namespace=production
|
||||
```
|
||||
|
||||
### `namespaces`
|
||||
|
||||
_Optional, Default=""_
|
||||
|
|
|
@ -440,36 +440,6 @@ providers:
|
|||
|
||||
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
|
||||
|
||||
### `namespace`
|
||||
|
||||
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
|
||||
|
||||
_Optional, Default=""_
|
||||
|
||||
The `namespace` option defines the namespace in which the Nomad services will be discovered.
|
||||
|
||||
!!! warning
|
||||
|
||||
One should only define either the `namespaces` option or the `namespace` option.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
nomad:
|
||||
namespace: "production"
|
||||
# ...
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.nomad]
|
||||
namespace = "production"
|
||||
# ...
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.nomad.namespace=production
|
||||
# ...
|
||||
```
|
||||
|
||||
### `namespaces`
|
||||
|
||||
_Optional, Default=""_
|
||||
|
|
|
@ -31,7 +31,6 @@
|
|||
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
|
||||
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
|
||||
|
@ -54,7 +53,6 @@
|
|||
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.framedeny=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
|
||||
|
@ -62,12 +60,8 @@
|
|||
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
|
||||
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
|
||||
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
|
||||
|
@ -118,7 +112,6 @@
|
|||
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
|
||||
- "traefik.http.middlewares.middleware20.retry.attempts=42"
|
||||
- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
|
||||
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
|
||||
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
|
||||
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
|
||||
|
|
|
@ -159,7 +159,6 @@
|
|||
authRequestHeaders = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware09.forwardAuth.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -175,10 +174,6 @@
|
|||
addVaryHeader = true
|
||||
allowedHosts = ["foobar", "foobar"]
|
||||
hostsProxyHeaders = ["foobar", "foobar"]
|
||||
sslRedirect = true
|
||||
sslTemporaryRedirect = true
|
||||
sslHost = "foobar"
|
||||
sslForceHost = true
|
||||
stsSeconds = 42
|
||||
stsIncludeSubdomains = true
|
||||
stsPreload = true
|
||||
|
@ -191,7 +186,6 @@
|
|||
contentSecurityPolicy = "foobar"
|
||||
publicKey = "foobar"
|
||||
referrerPolicy = "foobar"
|
||||
featurePolicy = "foobar"
|
||||
permissionsPolicy = "foobar"
|
||||
isDevelopment = true
|
||||
[http.middlewares.Middleware10.headers.customRequestHeaders]
|
||||
|
@ -282,7 +276,6 @@
|
|||
[http.middlewares.Middleware21]
|
||||
[http.middlewares.Middleware21.stripPrefix]
|
||||
prefixes = ["foobar", "foobar"]
|
||||
forceSlash = true
|
||||
[http.middlewares.Middleware22]
|
||||
[http.middlewares.Middleware22.stripPrefixRegex]
|
||||
regex = ["foobar", "foobar"]
|
||||
|
@ -458,7 +451,6 @@
|
|||
cipherSuites = ["foobar", "foobar"]
|
||||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
preferServerCipherSuites = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
[tls.options.Options0.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
|
@ -469,7 +461,6 @@
|
|||
cipherSuites = ["foobar", "foobar"]
|
||||
curvePreferences = ["foobar", "foobar"]
|
||||
sniStrict = true
|
||||
preferServerCipherSuites = true
|
||||
alpnProtocols = ["foobar", "foobar"]
|
||||
[tls.options.Options1.clientAuth]
|
||||
caFiles = ["foobar", "foobar"]
|
||||
|
|
|
@ -164,7 +164,6 @@ http:
|
|||
address: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -208,13 +207,9 @@ http:
|
|||
hostsProxyHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
sslRedirect: true
|
||||
sslTemporaryRedirect: true
|
||||
sslHost: foobar
|
||||
sslProxyHeaders:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
sslForceHost: true
|
||||
stsSeconds: 42
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
|
@ -227,7 +222,6 @@ http:
|
|||
contentSecurityPolicy: foobar
|
||||
publicKey: foobar
|
||||
referrerPolicy: foobar
|
||||
featurePolicy: foobar
|
||||
permissionsPolicy: foobar
|
||||
isDevelopment: true
|
||||
Middleware11:
|
||||
|
@ -319,7 +313,6 @@ http:
|
|||
prefixes:
|
||||
- foobar
|
||||
- foobar
|
||||
forceSlash: true
|
||||
Middleware22:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
|
@ -509,7 +502,6 @@ tls:
|
|||
- foobar
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
|
@ -528,7 +520,6 @@ tls:
|
|||
- foobar
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
|
|
|
@ -946,8 +946,6 @@ spec:
|
|||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
|
@ -1066,9 +1064,6 @@ spec:
|
|||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
|
@ -1104,12 +1099,6 @@ spec:
|
|||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
@ -1118,14 +1107,6 @@ spec:
|
|||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
|
@ -1467,11 +1448,6 @@ spec:
|
|||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||
properties:
|
||||
forceSlash:
|
||||
description: 'ForceSlash ensures that the resulting stripped path
|
||||
is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.'
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
|
@ -1807,12 +1783,6 @@ spec:
|
|||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: 'PreferServerCipherSuites defines whether the server
|
||||
chooses a cipher suite among his own instead of among the client''s.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430'
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
|
|
|
@ -193,7 +193,6 @@ spec:
|
|||
- foobar
|
||||
clientAuthType: RequireAndVerifyClientCert
|
||||
sniStrict: true
|
||||
preferServerCipherSuites: true
|
||||
alpnProtocols:
|
||||
- foobar
|
||||
- foobar
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
|
||||
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
|
||||
|
@ -66,7 +65,6 @@
|
|||
| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
|
||||
|
@ -75,12 +73,8 @@
|
|||
| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
|
||||
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
|
||||
|
@ -135,7 +129,6 @@
|
|||
| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
|
||||
| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
|
||||
| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
|
||||
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
|
||||
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
|
||||
|
@ -312,7 +305,6 @@
|
|||
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
|
||||
| `traefik/tls/options/Options0/maxVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options0/minVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
|
||||
| `traefik/tls/options/Options0/sniStrict` | `true` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
|
||||
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
|
||||
|
@ -325,7 +317,6 @@
|
|||
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
|
||||
| `traefik/tls/options/Options1/maxVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options1/minVersion` | `foobar` |
|
||||
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
|
||||
| `traefik/tls/options/Options1/sniStrict` | `true` |
|
||||
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
|
||||
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
|
||||
|
|
|
@ -31,7 +31,6 @@
|
|||
"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
|
||||
"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
|
||||
|
@ -54,7 +53,6 @@
|
|||
"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.framedeny": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
|
||||
|
@ -62,12 +60,8 @@
|
|||
"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.publickey": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
|
||||
"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.stspreload": "true",
|
||||
"traefik.http.middlewares.middleware10.headers.stsseconds": "42",
|
||||
|
@ -118,7 +112,6 @@
|
|||
"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
|
||||
"traefik.http.middlewares.middleware20.retry.attempts": "42",
|
||||
"traefik.http.middlewares.middleware20.retry.initialinterval": "42",
|
||||
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
|
||||
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
|
||||
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
|
||||
|
|
|
@ -369,8 +369,6 @@ spec:
|
|||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
|
@ -489,9 +487,6 @@ spec:
|
|||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
|
@ -527,12 +522,6 @@ spec:
|
|||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
@ -541,14 +530,6 @@ spec:
|
|||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
|
@ -890,11 +871,6 @@ spec:
|
|||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||
properties:
|
||||
forceSlash:
|
||||
description: 'ForceSlash ensures that the resulting stripped path
|
||||
is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.'
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
|
|
|
@ -88,12 +88,6 @@ spec:
|
|||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: 'PreferServerCipherSuites defines whether the server
|
||||
chooses a cipher suite among his own instead of among the client''s.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430'
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
|
|
|
@ -417,9 +417,6 @@ Enable Consul backend with default settings. (Default: ```false```)
|
|||
`--providers.consul.endpoints`:
|
||||
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
||||
|
||||
`--providers.consul.namespace`:
|
||||
Sets the namespace used to discover the configuration (Consul Enterprise only).
|
||||
|
||||
`--providers.consul.namespaces`:
|
||||
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
||||
|
||||
|
@ -429,9 +426,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`--providers.consul.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.consul.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.consul.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -483,9 +477,6 @@ The URI scheme for the Consul server
|
|||
`--providers.consulcatalog.endpoint.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.consulcatalog.endpoint.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.consulcatalog.endpoint.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -501,9 +492,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
|
|||
`--providers.consulcatalog.exposedbydefault`:
|
||||
Expose containers by default. (Default: ```true```)
|
||||
|
||||
`--providers.consulcatalog.namespace`:
|
||||
Sets the namespace used to discover services (Consul Enterprise only).
|
||||
|
||||
`--providers.consulcatalog.namespaces`:
|
||||
Sets the namespaces used to discover services (Consul Enterprise only).
|
||||
|
||||
|
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
|
|||
`--providers.docker.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.docker.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.docker.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`--providers.etcd.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.etcd.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.etcd.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
|
|||
`--providers.http.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.http.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.http.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -819,9 +798,6 @@ Set a response header timeout for Marathon. (Default: ```60```)
|
|||
`--providers.marathon.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.marathon.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.marathon.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
|
|||
`--providers.nomad.endpoint.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.nomad.endpoint.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.nomad.endpoint.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
|
|||
`--providers.nomad.exposedbydefault`:
|
||||
Expose Nomad services by default. (Default: ```true```)
|
||||
|
||||
`--providers.nomad.namespace`:
|
||||
Sets the Nomad namespace used to discover services.
|
||||
|
||||
`--providers.nomad.namespaces`:
|
||||
Sets the Nomad namespaces used to discover services.
|
||||
|
||||
|
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`--providers.redis.tls.ca`:
|
||||
TLS CA
|
||||
|
||||
`--providers.redis.tls.caoptional`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`--providers.redis.tls.cert`:
|
||||
TLS cert
|
||||
|
||||
|
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
|
|||
`--tracing.datadog.debug`:
|
||||
Enables Datadog debug. (Default: ```false```)
|
||||
|
||||
`--tracing.datadog.globaltag`:
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`--tracing.datadog.globaltags.<name>`:
|
||||
Sets a list of key:value tags on all spans.
|
||||
|
||||
|
|
|
@ -453,9 +453,6 @@ The URI scheme for the Consul server
|
|||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -471,9 +468,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
|
|||
`TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`:
|
||||
Expose containers by default. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACE`:
|
||||
Sets the namespace used to discover services (Consul Enterprise only).
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`:
|
||||
Sets the namespaces used to discover services (Consul Enterprise only).
|
||||
|
||||
|
@ -498,9 +492,6 @@ Watch Consul API events. (Default: ```false```)
|
|||
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
|
||||
KV store endpoints. (Default: ```127.0.0.1:8500```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACE`:
|
||||
Sets the namespace used to discover the configuration (Consul Enterprise only).
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`:
|
||||
Sets the namespaces used to discover the configuration (Consul Enterprise only).
|
||||
|
||||
|
@ -510,9 +501,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -558,9 +546,6 @@ Polling interval for swarm mode. (Default: ```15```)
|
|||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -627,9 +612,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`TRAEFIK_PROVIDERS_ETCD_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -672,9 +654,6 @@ Polling timeout for endpoint. (Default: ```5```)
|
|||
`TRAEFIK_PROVIDERS_HTTP_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -822,9 +801,6 @@ Set a TLS handshake timeout for Marathon. (Default: ```5```)
|
|||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -861,9 +837,6 @@ Nomad region to use. If not provided, the local agent region is used.
|
|||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -879,9 +852,6 @@ Token is used to provide a per-request ACL token.
|
|||
`TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`:
|
||||
Expose Nomad services by default. (Default: ```true```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACE`:
|
||||
Sets the Nomad namespace used to discover services.
|
||||
|
||||
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`:
|
||||
Sets the Nomad namespaces used to discover services.
|
||||
|
||||
|
@ -945,9 +915,6 @@ Root key used for KV store. (Default: ```traefik```)
|
|||
`TRAEFIK_PROVIDERS_REDIS_TLS_CA`:
|
||||
TLS CA
|
||||
|
||||
`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`:
|
||||
TLS CA.Optional (Default: ```false```)
|
||||
|
||||
`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:
|
||||
TLS cert
|
||||
|
||||
|
@ -1023,9 +990,6 @@ Sets the header name prefix used to store baggage items in a map.
|
|||
`TRAEFIK_TRACING_DATADOG_DEBUG`:
|
||||
Enables Datadog debug. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
|
||||
Sets a key:value tag on all spans.
|
||||
|
||||
`TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`:
|
||||
Sets a list of key:value tags on all spans.
|
||||
|
||||
|
|
|
@ -71,7 +71,6 @@
|
|||
allowEmptyServices = true
|
||||
[providers.docker.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -96,7 +95,6 @@
|
|||
respectReadinessChecks = true
|
||||
[providers.marathon.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -159,7 +157,6 @@
|
|||
connectByDefault = true
|
||||
serviceName = "foobar"
|
||||
watch = true
|
||||
namespace = "foobar"
|
||||
namespaces = ["foobar", "foobar"]
|
||||
[providers.consulCatalog.endpoint]
|
||||
address = "foobar"
|
||||
|
@ -169,7 +166,6 @@
|
|||
endpointWaitTime = "42s"
|
||||
[providers.consulCatalog.endpoint.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -181,7 +177,6 @@
|
|||
constraints = "foobar"
|
||||
prefix = "foobar"
|
||||
stale = true
|
||||
namespace = "foobar"
|
||||
namespaces = ["foobar", "foobar"]
|
||||
exposedByDefault = true
|
||||
refreshInterval = "42s"
|
||||
|
@ -192,7 +187,6 @@
|
|||
endpointWaitTime = "42s"
|
||||
[providers.nomad.endpoint.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -212,11 +206,9 @@
|
|||
rootKey = "foobar"
|
||||
endpoints = ["foobar", "foobar"]
|
||||
token = "foobar"
|
||||
namespace = "foobar"
|
||||
namespaces = ["foobar", "foobar"]
|
||||
[providers.consul.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -227,7 +219,6 @@
|
|||
password = "foobar"
|
||||
[providers.etcd.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -244,7 +235,6 @@
|
|||
db = 42
|
||||
[providers.redis.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -257,7 +247,6 @@
|
|||
name1 = "foobar"
|
||||
[providers.http.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -376,7 +365,6 @@
|
|||
sampleRate = 42.0
|
||||
[tracing.datadog]
|
||||
localAgentHostPort = "foobar"
|
||||
globalTag = "foobar"
|
||||
[tracing.datadog.globalTags]
|
||||
tag1 = "foobar"
|
||||
tag2 = "foobar"
|
||||
|
|
|
@ -70,7 +70,6 @@ providers:
|
|||
defaultRule: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -96,7 +95,6 @@ providers:
|
|||
dcosToken: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -171,7 +169,6 @@ providers:
|
|||
connectByDefault: true
|
||||
serviceName: foobar
|
||||
watch: true
|
||||
namespace: foobar
|
||||
namespaces:
|
||||
- foobar
|
||||
- foobar
|
||||
|
@ -183,7 +180,6 @@ providers:
|
|||
endpointWaitTime: 42s
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -195,7 +191,6 @@ providers:
|
|||
constraints: foobar
|
||||
prefix: foobar
|
||||
stale: true
|
||||
namespace: foobar
|
||||
namespaces:
|
||||
- foobar
|
||||
- foobar
|
||||
|
@ -208,7 +203,6 @@ providers:
|
|||
endpointWaitTime: 42s
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -232,13 +226,11 @@ providers:
|
|||
- foobar
|
||||
- foobar
|
||||
token: foobar
|
||||
namespace: foobar
|
||||
namespaces:
|
||||
- foobar
|
||||
- foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -251,7 +243,6 @@ providers:
|
|||
password: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -272,7 +263,6 @@ providers:
|
|||
db: 42
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -285,7 +275,6 @@ providers:
|
|||
name1: foobar
|
||||
tls:
|
||||
ca: foobar
|
||||
caOptional: true
|
||||
cert: foobar
|
||||
key: foobar
|
||||
insecureSkipVerify: true
|
||||
|
@ -402,7 +391,6 @@ tracing:
|
|||
sampleRate: 42
|
||||
datadog:
|
||||
localAgentHostPort: foobar
|
||||
globalTag: foobar
|
||||
globalTags:
|
||||
tag1: foobar
|
||||
tag2: foobar
|
||||
|
|
|
@ -102,7 +102,6 @@ func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
|
|||
"traefik/http/middlewares/compressor/compress": "",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
||||
}
|
||||
|
||||
for k, v := range data {
|
||||
|
|
|
@ -97,7 +97,6 @@ func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
|
|||
"traefik/http/middlewares/compressor/compress": "",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
||||
}
|
||||
|
||||
for k, v := range data {
|
||||
|
|
|
@ -946,8 +946,6 @@ spec:
|
|||
description: TLS defines the configuration used to secure the
|
||||
connection to the authentication server.
|
||||
properties:
|
||||
caOptional:
|
||||
type: boolean
|
||||
caSecret:
|
||||
description: CASecret is the name of the referenced Kubernetes
|
||||
Secret containing the CA to validate the server certificate.
|
||||
|
@ -1066,9 +1064,6 @@ spec:
|
|||
description: CustomResponseHeaders defines the header names and
|
||||
values to apply to the response.
|
||||
type: object
|
||||
featurePolicy:
|
||||
description: 'Deprecated: use PermissionsPolicy instead.'
|
||||
type: string
|
||||
forceSTSHeader:
|
||||
description: ForceSTSHeader defines whether to add the STS header
|
||||
even when the connection is HTTP.
|
||||
|
@ -1104,12 +1099,6 @@ spec:
|
|||
value. This allows sites to control whether browsers forward
|
||||
the Referer header to other sites.
|
||||
type: string
|
||||
sslForceHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: boolean
|
||||
sslHost:
|
||||
description: 'Deprecated: use RedirectRegex instead.'
|
||||
type: string
|
||||
sslProxyHeaders:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
@ -1118,14 +1107,6 @@ spec:
|
|||
useful when using other proxies (example: "X-Forwarded-Proto":
|
||||
"https").'
|
||||
type: object
|
||||
sslRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
sslTemporaryRedirect:
|
||||
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
|
||||
instead.'
|
||||
type: boolean
|
||||
stsIncludeSubdomains:
|
||||
description: STSIncludeSubdomains defines whether the includeSubDomains
|
||||
directive is appended to the Strict-Transport-Security header.
|
||||
|
@ -1467,11 +1448,6 @@ spec:
|
|||
This middleware removes the specified prefixes from the URL path.
|
||||
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
|
||||
properties:
|
||||
forceSlash:
|
||||
description: 'ForceSlash ensures that the resulting stripped path
|
||||
is not the empty string, by replacing it with / when necessary.
|
||||
Default: true.'
|
||||
type: boolean
|
||||
prefixes:
|
||||
description: Prefixes defines the prefixes to strip from the request
|
||||
URL.
|
||||
|
@ -1807,12 +1783,6 @@ spec:
|
|||
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
|
||||
VersionTLS13. Default: VersionTLS10.'
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: 'PreferServerCipherSuites defines whether the server
|
||||
chooses a cipher suite among his own instead of among the client''s.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430'
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
|
|
|
@ -98,7 +98,6 @@ func (s *RedisSuite) TestSimpleConfiguration(c *check.C) {
|
|||
"traefik/http/middlewares/compressor/compress": "true",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
||||
}
|
||||
|
||||
for k, v := range data {
|
||||
|
|
3
integration/testdata/rawdata-consul.json
vendored
3
integration/testdata/rawdata-consul.json
vendored
|
@ -112,8 +112,7 @@
|
|||
"prefixes": [
|
||||
"foo",
|
||||
"bar"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"status": "enabled",
|
||||
"usedBy": [
|
||||
|
|
3
integration/testdata/rawdata-etcd.json
vendored
3
integration/testdata/rawdata-etcd.json
vendored
|
@ -112,8 +112,7 @@
|
|||
"prefixes": [
|
||||
"foo",
|
||||
"bar"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"status": "enabled",
|
||||
"usedBy": [
|
||||
|
|
3
integration/testdata/rawdata-redis.json
vendored
3
integration/testdata/rawdata-redis.json
vendored
|
@ -112,8 +112,7 @@
|
|||
"prefixes": [
|
||||
"foo",
|
||||
"bar"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"status": "enabled",
|
||||
"usedBy": [
|
||||
|
|
3
integration/testdata/rawdata-zk.json
vendored
3
integration/testdata/rawdata-zk.json
vendored
|
@ -112,8 +112,7 @@
|
|||
"prefixes": [
|
||||
"foo",
|
||||
"bar"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"status": "enabled",
|
||||
"usedBy": [
|
||||
|
|
|
@ -100,7 +100,6 @@ func (s *ZookeeperSuite) TestSimpleConfiguration(c *check.C) {
|
|||
"traefik/http/middlewares/compressor/compress": "",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/0": "foo",
|
||||
"traefik/http/middlewares/striper/stripPrefix/prefixes/1": "bar",
|
||||
"traefik/http/middlewares/striper/stripPrefix/forceSlash": "true",
|
||||
}
|
||||
|
||||
for k, v := range data {
|
||||
|
|
|
@ -46,7 +46,6 @@
|
|||
httpClientTimeout = 42
|
||||
[providers.docker.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -71,7 +70,6 @@
|
|||
respectReadinessChecks = true
|
||||
[providers.marathon.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -182,7 +180,6 @@
|
|||
sampleRate = 42.0
|
||||
[tracing.datadog]
|
||||
localAgentHostPort = "foobar"
|
||||
globalTag = "foobar"
|
||||
debug = true
|
||||
prioritySampling = true
|
||||
traceIDHeaderName = "foobar"
|
||||
|
@ -292,7 +289,6 @@
|
|||
authRequestHeaders = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware15.forwardAuth.tls]
|
||||
ca = "foobar"
|
||||
caOptional = true
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
|
@ -376,10 +372,6 @@
|
|||
addVaryHeader = true
|
||||
allowedHosts = ["foobar", "foobar"]
|
||||
hostsProxyHeaders = ["foobar", "foobar"]
|
||||
sslRedirect = true
|
||||
sslTemporaryRedirect = true
|
||||
sslHost = "foobar"
|
||||
sslForceHost = true
|
||||
stsSeconds = 42
|
||||
stsIncludeSubdomains = true
|
||||
stsPreload = true
|
||||
|
@ -392,7 +384,6 @@
|
|||
contentSecurityPolicy = "foobar"
|
||||
publicKey = "foobar"
|
||||
referrerPolicy = "foobar"
|
||||
featurePolicy = "foobar"
|
||||
isDevelopment = true
|
||||
[http.middlewares.Middleware8.headers.customRequestHeaders]
|
||||
name0 = "foobar"
|
||||
|
|
|
@ -260,17 +260,9 @@ type Headers struct {
|
|||
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
|
||||
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
|
||||
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
|
||||
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
||||
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
|
||||
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
|
||||
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
|
||||
// Deprecated: use RedirectRegex instead.
|
||||
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
|
||||
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
|
||||
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
|
||||
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
|
||||
// Deprecated: use RedirectRegex instead.
|
||||
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
|
||||
// STSSeconds defines the max-age of the Strict-Transport-Security header.
|
||||
// If set to 0, the header is not set.
|
||||
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
|
||||
|
@ -299,8 +291,6 @@ type Headers struct {
|
|||
// ReferrerPolicy defines the Referrer-Policy header value.
|
||||
// This allows sites to control whether browsers forward the Referer header to other sites.
|
||||
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
|
||||
// Deprecated: use PermissionsPolicy instead.
|
||||
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
|
||||
// PermissionsPolicy defines the Permissions-Policy header value.
|
||||
// This allows sites to control browser features.
|
||||
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
|
||||
|
@ -333,10 +323,6 @@ func (h *Headers) HasCorsHeadersDefined() bool {
|
|||
func (h *Headers) HasSecureHeadersDefined() bool {
|
||||
return h != nil && (len(h.AllowedHosts) != 0 ||
|
||||
len(h.HostsProxyHeaders) != 0 ||
|
||||
h.SSLRedirect ||
|
||||
h.SSLTemporaryRedirect ||
|
||||
h.SSLForceHost ||
|
||||
h.SSLHost != "" ||
|
||||
len(h.SSLProxyHeaders) != 0 ||
|
||||
h.STSSeconds != 0 ||
|
||||
h.STSIncludeSubdomains ||
|
||||
|
@ -350,7 +336,6 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
h.ContentSecurityPolicy != "" ||
|
||||
h.PublicKey != "" ||
|
||||
h.ReferrerPolicy != "" ||
|
||||
h.FeaturePolicy != "" ||
|
||||
h.PermissionsPolicy != "" ||
|
||||
h.IsDevelopment)
|
||||
}
|
||||
|
@ -553,14 +538,6 @@ type Retry struct {
|
|||
type StripPrefix struct {
|
||||
// Prefixes defines the prefixes to strip from the request URL.
|
||||
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
|
||||
// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
|
||||
// Default: true.
|
||||
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
|
||||
}
|
||||
|
||||
// SetDefaults Default values for a StripPrefix.
|
||||
func (s *StripPrefix) SetDefaults() {
|
||||
s.ForceSlash = true
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
|
|
@ -42,7 +42,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.authrequestheaders": "foobar, fiibar",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.ca": "foobar",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional": "true",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.cert": "foobar",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify": "true",
|
||||
"traefik.http.middlewares.Middleware7.forwardauth.tls.key": "foobar",
|
||||
|
@ -71,14 +70,9 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"traefik.http.middlewares.Middleware8.headers.isdevelopment": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.publickey": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.referrerpolicy": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.featurepolicy": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.permissionspolicy": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.sslforcehost": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.sslhost": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1": "foobar",
|
||||
"traefik.http.middlewares.Middleware8.headers.sslredirect": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.stsincludesubdomains": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.stspreload": "true",
|
||||
"traefik.http.middlewares.Middleware8.headers.stsseconds": "42",
|
||||
|
@ -462,7 +456,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"fiibar",
|
||||
},
|
||||
ForceSlash: true,
|
||||
},
|
||||
},
|
||||
"Middleware18": {
|
||||
|
@ -530,7 +523,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
Address: "foobar",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "foobar",
|
||||
CAOptional: true,
|
||||
Cert: "foobar",
|
||||
Key: "foobar",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -587,14 +579,10 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"fiibar",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLHost: "foobar",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
},
|
||||
SSLForceHost: true,
|
||||
STSSeconds: 42,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
|
@ -607,7 +595,6 @@ func TestDecodeConfiguration(t *testing.T) {
|
|||
ContentSecurityPolicy: "foobar",
|
||||
PublicKey: "foobar",
|
||||
ReferrerPolicy: "foobar",
|
||||
FeaturePolicy: "foobar",
|
||||
PermissionsPolicy: "foobar",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
|
@ -958,7 +945,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"fiibar",
|
||||
},
|
||||
ForceSlash: true,
|
||||
},
|
||||
},
|
||||
"Middleware18": {
|
||||
|
@ -1034,7 +1020,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
Address: "foobar",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "foobar",
|
||||
CAOptional: true,
|
||||
Cert: "foobar",
|
||||
Key: "foobar",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -1091,14 +1076,10 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"fiibar",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLHost: "foobar",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"name0": "foobar",
|
||||
"name1": "foobar",
|
||||
},
|
||||
SSLForceHost: true,
|
||||
STSSeconds: 42,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
|
@ -1111,7 +1092,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
ContentSecurityPolicy: "foobar",
|
||||
PublicKey: "foobar",
|
||||
ReferrerPolicy: "foobar",
|
||||
FeaturePolicy: "foobar",
|
||||
PermissionsPolicy: "foobar",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
|
@ -1231,7 +1211,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthRequestHeaders": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key": "foobar",
|
||||
|
@ -1260,14 +1239,9 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.FeaturePolicy": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.PermissionsPolicy": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1": "foobar",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds": "42",
|
||||
|
@ -1318,7 +1292,6 @@ func TestEncodeConfiguration(t *testing.T) {
|
|||
"traefik.HTTP.Middlewares.Middleware16.Retry.Attempts": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware16.Retry.InitialInterval": "1000000000",
|
||||
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware17.StripPrefix.ForceSlash": "true",
|
||||
"traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex": "foobar, fiibar",
|
||||
"traefik.HTTP.Middlewares.Middleware19.Compress.MinResponseBodyBytes": "42",
|
||||
"traefik.HTTP.Middlewares.Middleware20.Plugin.tomato.aaa": "foo1",
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
package static
|
||||
|
||||
// Pilot Configuration related to Traefik Pilot.
|
||||
// Deprecated.
|
||||
type Pilot struct {
|
||||
Token string `description:"Traefik Pilot token. (Deprecated)" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
||||
Dashboard bool `description:"Enable Traefik Pilot in the dashboard. (Deprecated)" json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty"`
|
||||
}
|
|
@ -78,9 +78,6 @@ type Configuration struct {
|
|||
|
||||
CertificatesResolvers map[string]CertificateResolver `description:"Certificates resolvers configuration." json:"certificatesResolvers,omitempty" toml:"certificatesResolvers,omitempty" yaml:"certificatesResolvers,omitempty" export:"true"`
|
||||
|
||||
// Deprecated.
|
||||
Pilot *Pilot `description:"Traefik Pilot configuration (Deprecated)." json:"pilot,omitempty" toml:"pilot,omitempty" yaml:"pilot,omitempty" export:"true"`
|
||||
|
||||
Hub *hub.Provider `description:"Traefik Hub configuration." json:"hub,omitempty" toml:"hub,omitempty" yaml:"hub,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
|
||||
Experimental *Experimental `description:"experimental features." json:"experimental,omitempty" toml:"experimental,omitempty" yaml:"experimental,omitempty" export:"true"`
|
||||
|
@ -264,11 +261,6 @@ func (c *Configuration) SetEffectiveConfiguration() {
|
|||
}
|
||||
}
|
||||
|
||||
// Enable anonymous usage when pilot is enabled.
|
||||
if c.Pilot != nil {
|
||||
c.Global.SendAnonymousUsage = true
|
||||
}
|
||||
|
||||
// Disable Gateway API provider if not enabled in experimental.
|
||||
if c.Experimental == nil || !c.Experimental.KubernetesGateway {
|
||||
c.Providers.KubernetesGateway = nil
|
||||
|
@ -346,18 +338,6 @@ func (c *Configuration) ValidateConfiguration() error {
|
|||
acmeEmail = resolver.ACME.Email
|
||||
}
|
||||
|
||||
if c.Providers.ConsulCatalog != nil && c.Providers.ConsulCatalog.Namespace != "" && len(c.Providers.ConsulCatalog.Namespaces) > 0 {
|
||||
return fmt.Errorf("Consul Catalog provider cannot have both namespace and namespaces options configured")
|
||||
}
|
||||
|
||||
if c.Providers.Consul != nil && c.Providers.Consul.Namespace != "" && len(c.Providers.Consul.Namespaces) > 0 {
|
||||
return fmt.Errorf("Consul provider cannot have both namespace and namespaces options configured")
|
||||
}
|
||||
|
||||
if c.Providers.Nomad != nil && c.Providers.Nomad.Namespace != "" && len(c.Providers.Nomad.Namespaces) > 0 {
|
||||
return fmt.Errorf("Nomad provider cannot have both namespace and namespaces options configured")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1,16 +1,13 @@
|
|||
package headers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/logs"
|
||||
)
|
||||
|
||||
// Header is a middleware that helps setup a few basic security features.
|
||||
|
@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
|
|||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||
|
||||
ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background())
|
||||
|
||||
handleDeprecation(ctx, &cfg)
|
||||
|
||||
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
|
||||
for i, str := range cfg.AccessControlAllowOriginListRegex {
|
||||
reg, err := regexp.Compile(str)
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/opentracing/opentracing-go/ext"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
|
||||
|
@ -18,26 +17,6 @@ const (
|
|||
typeName = "Headers"
|
||||
)
|
||||
|
||||
func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) {
|
||||
logger := log.Ctx(ctx).Warn()
|
||||
|
||||
if cfg.SSLRedirect {
|
||||
logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.")
|
||||
}
|
||||
if cfg.SSLTemporaryRedirect {
|
||||
logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.")
|
||||
}
|
||||
if cfg.SSLHost != "" {
|
||||
logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.")
|
||||
}
|
||||
if cfg.SSLForceHost {
|
||||
logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.")
|
||||
}
|
||||
if cfg.FeaturePolicy != "" {
|
||||
logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.")
|
||||
}
|
||||
}
|
||||
|
||||
type headers struct {
|
||||
name string
|
||||
handler http.Handler
|
||||
|
@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin
|
|||
logger := middlewares.GetLogger(ctx, name, typeName)
|
||||
logger.Debug().Msg("Creating middleware")
|
||||
|
||||
mCtx := logger.WithContext(ctx)
|
||||
|
||||
handleDeprecation(mCtx, &cfg)
|
||||
|
||||
hasSecureHeaders := cfg.HasSecureHeadersDefined()
|
||||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||
|
|
|
@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
|||
ForceSTSHeader: cfg.ForceSTSHeader,
|
||||
FrameDeny: cfg.FrameDeny,
|
||||
IsDevelopment: cfg.IsDevelopment,
|
||||
SSLRedirect: cfg.SSLRedirect,
|
||||
SSLForceHost: cfg.SSLForceHost,
|
||||
SSLTemporaryRedirect: cfg.SSLTemporaryRedirect,
|
||||
STSIncludeSubdomains: cfg.STSIncludeSubdomains,
|
||||
STSPreload: cfg.STSPreload,
|
||||
ContentSecurityPolicy: cfg.ContentSecurityPolicy,
|
||||
|
@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
|||
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
|
||||
PublicKey: cfg.PublicKey,
|
||||
ReferrerPolicy: cfg.ReferrerPolicy,
|
||||
SSLHost: cfg.SSLHost,
|
||||
AllowedHosts: cfg.AllowedHosts,
|
||||
HostsProxyHeaders: cfg.HostsProxyHeaders,
|
||||
SSLProxyHeaders: cfg.SSLProxyHeaders,
|
||||
STSSeconds: cfg.STSSeconds,
|
||||
FeaturePolicy: cfg.FeaturePolicy,
|
||||
PermissionsPolicy: cfg.PermissionsPolicy,
|
||||
SecureContextKey: contextKey,
|
||||
}
|
||||
|
|
|
@ -11,125 +11,12 @@ import (
|
|||
|
||||
// Middleware tests based on https://github.com/unrolled/secure
|
||||
|
||||
func Test_newSecure_sslForceHost(t *testing.T) {
|
||||
type expected struct {
|
||||
statusCode int
|
||||
location string
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
desc string
|
||||
host string
|
||||
cfg dynamic.Headers
|
||||
expected
|
||||
}{
|
||||
{
|
||||
desc: "http should return a 301",
|
||||
host: "http://powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "http sub domain should return a 301",
|
||||
host: "http://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "https should return a 200",
|
||||
host: "https://powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{statusCode: http.StatusOK},
|
||||
},
|
||||
{
|
||||
desc: "https sub domain should return a 301",
|
||||
host: "https://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "http without force host and sub domain should return a 301",
|
||||
host: "http://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: false,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "https without force host and sub domain should return a 301",
|
||||
host: "https://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: false,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{statusCode: http.StatusOK},
|
||||
},
|
||||
}
|
||||
|
||||
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
_, _ = rw.Write([]byte("OK"))
|
||||
})
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
mid := newSecure(next, test.cfg, "mymiddleware")
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, test.host, nil)
|
||||
|
||||
rw := httptest.NewRecorder()
|
||||
|
||||
mid.ServeHTTP(rw, req)
|
||||
|
||||
assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode)
|
||||
assert.Equal(t, test.expected.location, rw.Header().Get("Location"))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_newSecure_modifyResponse(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
cfg dynamic.Headers
|
||||
expected http.Header
|
||||
}{
|
||||
{
|
||||
desc: "FeaturePolicy",
|
||||
cfg: dynamic.Headers{
|
||||
FeaturePolicy: "vibrate 'none';",
|
||||
},
|
||||
expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}},
|
||||
},
|
||||
{
|
||||
desc: "PermissionsPolicy",
|
||||
cfg: dynamic.Headers{
|
||||
|
|
|
@ -19,20 +19,18 @@ const (
|
|||
|
||||
// stripPrefix is a middleware used to strip prefix from an URL request.
|
||||
type stripPrefix struct {
|
||||
next http.Handler
|
||||
prefixes []string
|
||||
forceSlash bool // TODO Must be removed (breaking), the default behavior must be forceSlash=false
|
||||
name string
|
||||
next http.Handler
|
||||
prefixes []string
|
||||
name string
|
||||
}
|
||||
|
||||
// New creates a new strip prefix middleware.
|
||||
func New(ctx context.Context, next http.Handler, config dynamic.StripPrefix, name string) (http.Handler, error) {
|
||||
middlewares.GetLogger(ctx, name, typeName).Debug().Msg("Creating middleware")
|
||||
return &stripPrefix{
|
||||
prefixes: config.Prefixes,
|
||||
forceSlash: config.ForceSlash,
|
||||
next: next,
|
||||
name: name,
|
||||
prefixes: config.Prefixes,
|
||||
next: next,
|
||||
name: name,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -61,13 +59,6 @@ func (s *stripPrefix) serveRequest(rw http.ResponseWriter, req *http.Request, pr
|
|||
}
|
||||
|
||||
func (s *stripPrefix) getPrefixStripped(urlPath, prefix string) string {
|
||||
if s.forceSlash {
|
||||
// Only for compatibility reason with the previous behavior,
|
||||
// but the previous behavior is wrong.
|
||||
// This needs to be removed in the next breaking version.
|
||||
return "/" + strings.TrimPrefix(strings.TrimPrefix(urlPath, prefix), "/")
|
||||
}
|
||||
|
||||
return ensureLeadingSlash(strings.TrimPrefix(urlPath, prefix))
|
||||
}
|
||||
|
||||
|
|
|
@ -31,17 +31,6 @@ func TestStripPrefix(t *testing.T) {
|
|||
expectedStatusCode: http.StatusOK,
|
||||
expectedPath: "/noprefixes",
|
||||
},
|
||||
{
|
||||
desc: "wildcard (.*) requests (ForceSlash)",
|
||||
config: dynamic.StripPrefix{
|
||||
Prefixes: []string{"/"},
|
||||
ForceSlash: true,
|
||||
},
|
||||
path: "/",
|
||||
expectedStatusCode: http.StatusOK,
|
||||
expectedPath: "/",
|
||||
expectedHeader: "/",
|
||||
},
|
||||
{
|
||||
desc: "wildcard (.*) requests",
|
||||
config: dynamic.StripPrefix{
|
||||
|
@ -52,17 +41,6 @@ func TestStripPrefix(t *testing.T) {
|
|||
expectedPath: "",
|
||||
expectedHeader: "/",
|
||||
},
|
||||
{
|
||||
desc: "prefix and path matching (ForceSlash)",
|
||||
config: dynamic.StripPrefix{
|
||||
Prefixes: []string{"/stat"},
|
||||
ForceSlash: true,
|
||||
},
|
||||
path: "/stat",
|
||||
expectedStatusCode: http.StatusOK,
|
||||
expectedPath: "/",
|
||||
expectedHeader: "/stat",
|
||||
},
|
||||
{
|
||||
desc: "prefix and path matching",
|
||||
config: dynamic.StripPrefix{
|
||||
|
@ -73,17 +51,6 @@ func TestStripPrefix(t *testing.T) {
|
|||
expectedPath: "",
|
||||
expectedHeader: "/stat",
|
||||
},
|
||||
{
|
||||
desc: "path prefix on exactly matching path (ForceSlash)",
|
||||
config: dynamic.StripPrefix{
|
||||
Prefixes: []string{"/stat/"},
|
||||
ForceSlash: true,
|
||||
},
|
||||
path: "/stat/",
|
||||
expectedStatusCode: http.StatusOK,
|
||||
expectedPath: "/",
|
||||
expectedHeader: "/stat/",
|
||||
},
|
||||
{
|
||||
desc: "path prefix on exactly matching path",
|
||||
config: dynamic.StripPrefix{
|
||||
|
@ -133,17 +100,6 @@ func TestStripPrefix(t *testing.T) {
|
|||
expectedPath: "/us",
|
||||
expectedHeader: "/stat",
|
||||
},
|
||||
{
|
||||
desc: "later prefix matching (ForceSlash)",
|
||||
config: dynamic.StripPrefix{
|
||||
Prefixes: []string{"/mismatch", "/stat"},
|
||||
ForceSlash: true,
|
||||
},
|
||||
path: "/stat",
|
||||
expectedStatusCode: http.StatusOK,
|
||||
expectedPath: "/",
|
||||
expectedHeader: "/stat",
|
||||
},
|
||||
{
|
||||
desc: "later prefix matching",
|
||||
config: dynamic.StripPrefix{
|
||||
|
|
|
@ -35,8 +35,7 @@ const (
|
|||
const pluginsURL = "https://plugins.traefik.io/public/"
|
||||
|
||||
const (
|
||||
hashHeader = "X-Plugin-Hash"
|
||||
tokenHeader = "X-Token"
|
||||
hashHeader = "X-Plugin-Hash"
|
||||
)
|
||||
|
||||
// ClientOptions the options of a Traefik plugins client.
|
||||
|
@ -49,7 +48,6 @@ type Client struct {
|
|||
HTTPClient *http.Client
|
||||
baseURL *url.URL
|
||||
|
||||
token string
|
||||
archives string
|
||||
stateFile string
|
||||
goPath string
|
||||
|
@ -158,10 +156,6 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
|
|||
req.Header.Set(hashHeader, hash)
|
||||
}
|
||||
|
||||
if c.token != "" {
|
||||
req.Header.Set(tokenHeader, c.token)
|
||||
}
|
||||
|
||||
resp, err := c.HTTPClient.Do(req)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to call service: %w", err)
|
||||
|
@ -222,10 +216,6 @@ func (c *Client) Check(ctx context.Context, pName, pVersion, hash string) error
|
|||
req.Header.Set(hashHeader, hash)
|
||||
}
|
||||
|
||||
if c.token != "" {
|
||||
req.Header.Set(tokenHeader, c.token)
|
||||
}
|
||||
|
||||
resp, err := c.HTTPClient.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to call service: %w", err)
|
||||
|
|
|
@ -3070,7 +3070,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
func TestNamespaces(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
namespace string
|
||||
namespaces []string
|
||||
expectedNamespaces []string
|
||||
}{
|
||||
|
@ -3078,11 +3077,6 @@ func TestNamespaces(t *testing.T) {
|
|||
desc: "no defined namespaces",
|
||||
expectedNamespaces: []string{""},
|
||||
},
|
||||
{
|
||||
desc: "deprecated: use of defined namespace",
|
||||
namespace: "test-ns",
|
||||
expectedNamespaces: []string{"test-ns"},
|
||||
},
|
||||
{
|
||||
desc: "use of 1 defined namespaces",
|
||||
namespaces: []string{"test-ns"},
|
||||
|
@ -3102,7 +3096,6 @@ func TestNamespaces(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
pb := &ProviderBuilder{
|
||||
Namespace: test.namespace,
|
||||
Namespaces: test.namespaces,
|
||||
}
|
||||
|
||||
|
|
|
@ -49,25 +49,15 @@ type itemData struct {
|
|||
type ProviderBuilder struct {
|
||||
Configuration `yaml:",inline" export:"true"`
|
||||
|
||||
// Deprecated: use Namespaces option instead.
|
||||
Namespace string `description:"Sets the namespace used to discover services (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Namespaces []string `description:"Sets the namespaces used to discover services (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||
}
|
||||
|
||||
// BuildProviders builds Consul Catalog provider instances for the given namespaces configuration.
|
||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||
// We can warn about that, because we've already made sure before that
|
||||
// Namespace and Namespaces are mutually exclusive.
|
||||
if p.Namespace != "" {
|
||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
||||
}
|
||||
|
||||
if len(p.Namespaces) == 0 {
|
||||
return []*Provider{{
|
||||
Configuration: p.Configuration,
|
||||
name: providerName,
|
||||
// p.Namespace could very well be empty.
|
||||
namespace: p.Namespace,
|
||||
}}
|
||||
}
|
||||
|
||||
|
|
|
@ -623,7 +623,6 @@ func createForwardAuthMiddleware(k8sClient Client, namespace string, auth *v1alp
|
|||
}
|
||||
|
||||
forwardAuth.TLS = &types.ClientTLS{
|
||||
CAOptional: auth.TLS.CAOptional,
|
||||
InsecureSkipVerify: auth.TLS.InsecureSkipVerify,
|
||||
}
|
||||
|
||||
|
|
|
@ -5144,8 +5144,7 @@ func TestCrossNamespace(t *testing.T) {
|
|||
Middlewares: map[string]*dynamic.Middleware{
|
||||
"cross-ns-stripprefix": {
|
||||
StripPrefix: &dynamic.StripPrefix{
|
||||
Prefixes: []string{"/stripit"},
|
||||
ForceSlash: false,
|
||||
Prefixes: []string{"/stripit"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -5215,8 +5214,7 @@ func TestCrossNamespace(t *testing.T) {
|
|||
Middlewares: map[string]*dynamic.Middleware{
|
||||
"cross-ns-stripprefix": {
|
||||
StripPrefix: &dynamic.StripPrefix{
|
||||
Prefixes: []string{"/stripit"},
|
||||
ForceSlash: false,
|
||||
Prefixes: []string{"/stripit"},
|
||||
},
|
||||
},
|
||||
"default-test-errorpage": {
|
||||
|
|
|
@ -167,7 +167,6 @@ type ClientTLS struct {
|
|||
CertSecret string `json:"certSecret,omitempty"`
|
||||
// InsecureSkipVerify defines whether the server certificates should be validated.
|
||||
InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
|
||||
CAOptional bool `json:"caOptional,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
|
|
@ -41,10 +41,6 @@ type TLSOptionSpec struct {
|
|||
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
|
||||
// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
|
||||
SniStrict bool `json:"sniStrict,omitempty"`
|
||||
// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
// It is enabled automatically when minVersion or maxVersion is set.
|
||||
// Deprecated: https://github.com/golang/go/issues/45430
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
|
||||
// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
// More info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty"`
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/kvtools/consul"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v2/pkg/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||
"github.com/traefik/traefik/v2/pkg/types"
|
||||
|
@ -25,8 +24,6 @@ type ProviderBuilder struct {
|
|||
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
||||
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
||||
|
||||
// Deprecated: use Namespaces instead.
|
||||
Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||
}
|
||||
|
||||
|
@ -38,20 +35,12 @@ func (p *ProviderBuilder) SetDefaults() {
|
|||
|
||||
// BuildProviders builds Consul provider instances for the given namespaces configuration.
|
||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||
// We can warn about that, because we've already made sure before that
|
||||
// Namespace and Namespaces are mutually exclusive.
|
||||
if p.Namespace != "" {
|
||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
||||
}
|
||||
|
||||
if len(p.Namespaces) == 0 {
|
||||
return []*Provider{{
|
||||
Provider: p.Provider,
|
||||
name: providerName,
|
||||
// p.Namespace could very well be empty.
|
||||
namespace: p.Namespace,
|
||||
token: p.Token,
|
||||
tls: p.TLS,
|
||||
token: p.Token,
|
||||
tls: p.TLS,
|
||||
}}
|
||||
}
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@ import (
|
|||
func TestNamespaces(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
namespace string
|
||||
namespaces []string
|
||||
expectedNamespaces []string
|
||||
}{
|
||||
|
@ -17,11 +16,6 @@ func TestNamespaces(t *testing.T) {
|
|||
desc: "no defined namespaces",
|
||||
expectedNamespaces: []string{""},
|
||||
},
|
||||
{
|
||||
desc: "deprecated: use of defined namespace",
|
||||
namespace: "test-ns",
|
||||
expectedNamespaces: []string{"test-ns"},
|
||||
},
|
||||
{
|
||||
desc: "use of 1 defined namespaces",
|
||||
namespaces: []string{"test-ns"},
|
||||
|
@ -41,7 +35,6 @@ func TestNamespaces(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
pb := &ProviderBuilder{
|
||||
Namespace: test.namespace,
|
||||
Namespaces: test.namespaces,
|
||||
}
|
||||
|
||||
|
|
|
@ -79,7 +79,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/key": "foobar",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/insecureSkipVerify": "true",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/ca": "foobar",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/caOptional": "true",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/tls/cert": "foobar",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/address": "foobar",
|
||||
"traefik/http/middlewares/Middleware08/forwardAuth/trustForwardHeader": "true",
|
||||
|
@ -106,12 +105,8 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"traefik/http/middlewares/Middleware09/headers/accessControlAllowOriginListRegex/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/contentTypeNosniff": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/accessControlAllowCredentials": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/featurePolicy": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/permissionsPolicy": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/forceSTSHeader": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslRedirect": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslHost": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslForceHost": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name1": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslProxyHeaders/name0": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/allowedHosts/0": "foobar",
|
||||
|
@ -130,7 +125,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"traefik/http/middlewares/Middleware09/headers/addVaryHeader": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/hostsProxyHeaders/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/sslTemporaryRedirect": "true",
|
||||
"traefik/http/middlewares/Middleware09/headers/customBrowserXSSValue": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/referrerPolicy": "foobar",
|
||||
"traefik/http/middlewares/Middleware09/headers/accessControlExposeHeaders/0": "foobar",
|
||||
|
@ -206,7 +200,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"traefik/http/middlewares/Middleware18/retry/attempts": "42",
|
||||
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/0": "foobar",
|
||||
"traefik/http/middlewares/Middleware19/stripPrefix/prefixes/1": "foobar",
|
||||
"traefik/http/middlewares/Middleware19/stripPrefix/forceSlash": "true",
|
||||
"traefik/tcp/routers/TCPRouter0/entryPoints/0": "foobar",
|
||||
"traefik/tcp/routers/TCPRouter0/entryPoints/1": "foobar",
|
||||
"traefik/tcp/routers/TCPRouter0/service": "foobar",
|
||||
|
@ -378,7 +371,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"foobar",
|
||||
},
|
||||
ForceSlash: true,
|
||||
},
|
||||
},
|
||||
"Middleware00": {
|
||||
|
@ -413,7 +405,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
Address: "foobar",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "foobar",
|
||||
CAOptional: true,
|
||||
Cert: "foobar",
|
||||
Key: "foobar",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -589,14 +580,10 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
"foobar",
|
||||
"foobar",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLHost: "foobar",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"name1": "foobar",
|
||||
"name0": "foobar",
|
||||
},
|
||||
SSLForceHost: true,
|
||||
STSSeconds: 42,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
|
@ -609,7 +596,6 @@ func Test_buildConfiguration(t *testing.T) {
|
|||
ContentSecurityPolicy: "foobar",
|
||||
PublicKey: "foobar",
|
||||
ReferrerPolicy: "foobar",
|
||||
FeaturePolicy: "foobar",
|
||||
PermissionsPolicy: "foobar",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
|
|
|
@ -2611,7 +2611,6 @@ func Test_keepItem(t *testing.T) {
|
|||
func TestNamespaces(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
namespace string
|
||||
namespaces []string
|
||||
expectedNamespaces []string
|
||||
}{
|
||||
|
@ -2619,11 +2618,6 @@ func TestNamespaces(t *testing.T) {
|
|||
desc: "no defined namespaces",
|
||||
expectedNamespaces: []string{""},
|
||||
},
|
||||
{
|
||||
desc: "deprecated: use of defined namespace",
|
||||
namespace: "test-ns",
|
||||
expectedNamespaces: []string{"test-ns"},
|
||||
},
|
||||
{
|
||||
desc: "use of 1 defined namespaces",
|
||||
namespaces: []string{"test-ns"},
|
||||
|
@ -2643,7 +2637,6 @@ func TestNamespaces(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
pb := &ProviderBuilder{
|
||||
Namespace: test.namespace,
|
||||
Namespaces: test.namespaces,
|
||||
}
|
||||
|
||||
|
|
|
@ -52,23 +52,15 @@ type item struct {
|
|||
type ProviderBuilder struct {
|
||||
Configuration `yaml:",inline" export:"true"`
|
||||
|
||||
// Deprecated: Use Namespaces option instead
|
||||
Namespace string `description:"Sets the Nomad namespace used to discover services." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Namespaces []string `description:"Sets the Nomad namespaces used to discover services." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||
}
|
||||
|
||||
// BuildProviders builds Nomad provider instances for the given namespaces configuration.
|
||||
func (p *ProviderBuilder) BuildProviders() []*Provider {
|
||||
if p.Namespace != "" {
|
||||
log.Warn().Msg("Namespace option is deprecated, please use the Namespaces option instead.")
|
||||
}
|
||||
|
||||
if len(p.Namespaces) == 0 {
|
||||
return []*Provider{{
|
||||
Configuration: p.Configuration,
|
||||
name: providerName,
|
||||
// p.Namespace could be empty
|
||||
namespace: p.Namespace,
|
||||
}}
|
||||
}
|
||||
|
||||
|
|
|
@ -175,8 +175,7 @@ func init() {
|
|||
Prefix: "foo",
|
||||
},
|
||||
StripPrefix: &dynamic.StripPrefix{
|
||||
Prefixes: []string{"foo"},
|
||||
ForceSlash: true,
|
||||
Prefixes: []string{"foo"},
|
||||
},
|
||||
StripPrefixRegex: &dynamic.StripPrefixRegex{
|
||||
Regex: []string{"foo"},
|
||||
|
@ -211,11 +210,7 @@ func init() {
|
|||
AddVaryHeader: true,
|
||||
AllowedHosts: []string{"foo"},
|
||||
HostsProxyHeaders: []string{"foo"},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{"foo": "bar"},
|
||||
SSLForceHost: true,
|
||||
STSSeconds: 42,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
|
@ -228,7 +223,6 @@ func init() {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
FeaturePolicy: "foo",
|
||||
PermissionsPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
|
@ -278,7 +272,6 @@ func init() {
|
|||
Address: "127.0.0.1",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "ca.pem",
|
||||
CAOptional: true,
|
||||
Cert: "cert.pem",
|
||||
Key: "cert.pem",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -592,7 +585,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
DefaultRule: "PathPrefix(`/`)",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -615,7 +607,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
DCOSToken: "foobar",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -691,7 +682,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Token: "MyToken",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -710,7 +700,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
ExposedByDefault: true,
|
||||
DefaultRule: "PathPrefix(`/`)",
|
||||
},
|
||||
Namespace: "ns",
|
||||
Namespaces: []string{"ns1", "ns2"},
|
||||
}
|
||||
|
||||
|
@ -735,12 +724,10 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Token: "secret",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
Namespace: "ns",
|
||||
Namespaces: []string{"ns1", "ns2"},
|
||||
}
|
||||
|
||||
|
@ -753,7 +740,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -778,7 +764,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -791,7 +776,6 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
PollTimeout: 42,
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
|
@ -903,7 +887,7 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
},
|
||||
Datadog: &datadog.Config{
|
||||
LocalAgentHostPort: "foobar",
|
||||
GlobalTag: "foobar",
|
||||
GlobalTags: map[string]string{"foobar": "foobar"},
|
||||
Debug: true,
|
||||
PrioritySampling: true,
|
||||
TraceIDHeaderName: "foobar",
|
||||
|
|
|
@ -99,8 +99,7 @@
|
|||
"stripPrefix": {
|
||||
"prefixes": [
|
||||
"foo"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"stripPrefixRegex": {
|
||||
"regex": [
|
||||
|
@ -161,10 +160,6 @@
|
|||
"hostsProxyHeaders": [
|
||||
"foo"
|
||||
],
|
||||
"sslRedirect": true,
|
||||
"sslTemporaryRedirect": true,
|
||||
"sslHost": "xxxx",
|
||||
"sslForceHost": true,
|
||||
"stsSeconds": 42,
|
||||
"stsIncludeSubdomains": true,
|
||||
"stsPreload": true,
|
||||
|
@ -177,7 +172,6 @@
|
|||
"contentSecurityPolicy": "xxxx",
|
||||
"publicKey": "xxxx",
|
||||
"referrerPolicy": "foo",
|
||||
"featurePolicy": "foo",
|
||||
"permissionsPolicy": "foo",
|
||||
"isDevelopment": true
|
||||
},
|
||||
|
@ -235,7 +229,6 @@
|
|||
"address": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
|
|
@ -83,7 +83,6 @@
|
|||
"defaultRule": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -111,7 +110,6 @@
|
|||
"dcosToken": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -189,7 +187,6 @@
|
|||
"token": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -207,7 +204,6 @@
|
|||
"cache": true,
|
||||
"exposedByDefault": true,
|
||||
"defaultRule": "xxxx",
|
||||
"namespace": "xxxx",
|
||||
"namespaces": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
|
@ -233,12 +229,10 @@
|
|||
"token": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
},
|
||||
"namespace": "xxxx",
|
||||
"namespaces": [
|
||||
"xxxx",
|
||||
"xxxx"
|
||||
|
@ -248,7 +242,6 @@
|
|||
"rootKey": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -265,7 +258,6 @@
|
|||
"rootKey": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -279,7 +271,6 @@
|
|||
"pollTimeout": "42ns",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
@ -394,7 +385,9 @@
|
|||
},
|
||||
"datadog": {
|
||||
"localAgentHostPort": "xxxx",
|
||||
"globalTag": "foobar",
|
||||
"globalTags": {
|
||||
"foobar": "foobar"
|
||||
},
|
||||
"debug": true,
|
||||
"prioritySampling": true,
|
||||
"traceIDHeaderName": "foobar",
|
||||
|
|
|
@ -99,8 +99,7 @@
|
|||
"stripPrefix": {
|
||||
"prefixes": [
|
||||
"foo"
|
||||
],
|
||||
"forceSlash": true
|
||||
]
|
||||
},
|
||||
"stripPrefixRegex": {
|
||||
"regex": [
|
||||
|
@ -161,13 +160,9 @@
|
|||
"hostsProxyHeaders": [
|
||||
"foo"
|
||||
],
|
||||
"sslRedirect": true,
|
||||
"sslTemporaryRedirect": true,
|
||||
"sslHost": "foo",
|
||||
"sslProxyHeaders": {
|
||||
"foo": "bar"
|
||||
},
|
||||
"sslForceHost": true,
|
||||
"stsSeconds": 42,
|
||||
"stsIncludeSubdomains": true,
|
||||
"stsPreload": true,
|
||||
|
@ -180,7 +175,6 @@
|
|||
"contentSecurityPolicy": "foo",
|
||||
"publicKey": "foo",
|
||||
"referrerPolicy": "foo",
|
||||
"featurePolicy": "foo",
|
||||
"permissionsPolicy": "foo",
|
||||
"isDevelopment": true
|
||||
},
|
||||
|
@ -238,7 +232,6 @@
|
|||
"address": "127.0.0.1",
|
||||
"tls": {
|
||||
"ca": "ca.pem",
|
||||
"caOptional": true,
|
||||
"cert": "cert.pem",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
|
|
|
@ -18,14 +18,13 @@ type ClientAuth struct {
|
|||
|
||||
// Options configures TLS for an entry point.
|
||||
type Options struct {
|
||||
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
|
||||
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
|
||||
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
|
||||
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
|
||||
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
|
||||
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
|
||||
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
|
||||
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty" export:"true"`
|
||||
CurvePreferences []string `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
|
||||
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
|
||||
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
|
||||
ALPNProtocols []string `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values for an Options struct.
|
||||
|
|
|
@ -4,7 +4,6 @@ import (
|
|||
"io"
|
||||
"net"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/opentracing/opentracing-go"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
@ -18,9 +17,7 @@ const Name = "datadog"
|
|||
|
||||
// Config provides configuration settings for a datadog tracer.
|
||||
type Config struct {
|
||||
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
|
||||
// Deprecated: use GlobalTags instead.
|
||||
GlobalTag string `description:"Sets a key:value tag on all spans." json:"globalTag,omitempty" toml:"globalTag,omitempty" yaml:"globalTag,omitempty" export:"true"`
|
||||
LocalAgentHostPort string `description:"Sets the Datadog Agent host:port." json:"localAgentHostPort,omitempty" toml:"localAgentHostPort,omitempty" yaml:"localAgentHostPort,omitempty"`
|
||||
GlobalTags map[string]string `description:"Sets a list of key:value tags on all spans." json:"globalTags,omitempty" toml:"globalTags,omitempty" yaml:"globalTags,omitempty" export:"true"`
|
||||
Debug bool `description:"Enables Datadog debug." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"`
|
||||
PrioritySampling bool `description:"Enables priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled." json:"prioritySampling,omitempty" toml:"prioritySampling,omitempty" yaml:"prioritySampling,omitempty" export:"true"`
|
||||
|
@ -66,17 +63,6 @@ func (c *Config) Setup(serviceName string) (opentracing.Tracer, io.Closer, error
|
|||
opts = append(opts, datadog.WithGlobalTag(k, v))
|
||||
}
|
||||
|
||||
if c.GlobalTag != "" {
|
||||
logger.Warn().Msg(`Datadog: option "globalTag" is deprecated, please use "globalTags" instead.`)
|
||||
|
||||
key, value, _ := strings.Cut(c.GlobalTag, ":")
|
||||
|
||||
// Don't override a tag already defined with the new option.
|
||||
if _, ok := c.GlobalTags[key]; !ok {
|
||||
opts = append(opts, datadog.WithGlobalTag(key, value))
|
||||
}
|
||||
}
|
||||
|
||||
if c.PrioritySampling {
|
||||
opts = append(opts, datadog.WithPrioritySampling())
|
||||
}
|
||||
|
|
|
@ -16,9 +16,7 @@ import (
|
|||
// ClientTLS holds TLS specific configurations as client
|
||||
// CA, Cert and Key can be either path or file contents.
|
||||
type ClientTLS struct {
|
||||
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
|
||||
// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
|
||||
CAOptional bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
|
||||
CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`
|
||||
Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`
|
||||
Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`
|
||||
InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`
|
||||
|
@ -31,10 +29,6 @@ func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
if c.CAOptional {
|
||||
log.Ctx(ctx).Warn().Msg("CAOptional is deprecated, TLS client authentication is a server side option.")
|
||||
}
|
||||
|
||||
// Not initialized, to rely on system bundle.
|
||||
var caPool *x509.CertPool
|
||||
|
||||
|
|
Loading…
Reference in a new issue