Fix custom headers template

This commit is contained in:
Ludovic Fernandez 2018-01-02 10:10:04 +01:00 committed by Traefiker
parent 75533b2beb
commit bfd142b13b
11 changed files with 151 additions and 96 deletions

View file

@ -219,6 +219,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
replacement = "{{getRedirectReplacement $container}}" replacement = "{{getRedirectReplacement $container}}"
{{end}} {{end}}
{{ if hasHeaders $container}}
[frontends."frontend-{{$frontend}}".headers] [frontends."frontend-{{$frontend}}".headers]
{{if hasSSLRedirectHeaders $container}} {{if hasSSLRedirectHeaders $container}}
SSLRedirect = {{getSSLRedirectHeaders $container}} SSLRedirect = {{getSSLRedirectHeaders $container}}
@ -265,6 +266,16 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
{{if hasIsDevelopmentHeaders $container}} {{if hasIsDevelopmentHeaders $container}}
IsDevelopment = {{getIsDevelopmentHeaders $container}} IsDevelopment = {{getIsDevelopmentHeaders $container}}
{{end}} {{end}}
{{if hasAllowedHostsHeaders $container}}
AllowedHosts = [{{range getAllowedHostsHeaders $container}}
"{{.}}",
{{end}}]
{{end}}
{{if hasHostsProxyHeaders $container}}
HostsProxyHeaders = [{{range getHostsProxyHeaders $container}}
"{{.}}",
{{end}}]
{{end}}
{{if hasRequestHeaders $container}} {{if hasRequestHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.customrequestheaders] [frontends."frontend-{{$frontend}}".headers.customrequestheaders]
{{range $k, $v := getRequestHeaders $container}} {{range $k, $v := getRequestHeaders $container}}
@ -277,24 +288,14 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if hasAllowedHostsHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.AllowedHosts]
{{range getAllowedHostsHeaders $container}}
"{{.}}"
{{end}}
{{end}}
{{if hasHostsProxyHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.HostsProxyHeaders]
{{range getHostsProxyHeaders $container}}
"{{.}}"
{{end}}
{{end}}
{{if hasSSLProxyHeaders $container}} {{if hasSSLProxyHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.SSLProxyHeaders] [frontends."frontend-{{$frontend}}".headers.SSLProxyHeaders]
{{range $k, $v := getSSLProxyHeaders $container}} {{range $k, $v := getSSLProxyHeaders $container}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}}
[frontends."frontend-{{$frontend}}".routes."route-frontend-{{$frontend}}"] [frontends."frontend-{{$frontend}}".routes."route-frontend-{{$frontend}}"]
rule = "{{getFrontendRule $container}}" rule = "{{getFrontendRule $container}}"
{{end}} {{end}}
@ -445,6 +446,7 @@ var _templatesKubernetesTmpl = []byte(`[backends]{{range $backendName, $backend
replacement = "{{$frontend.RedirectReplacement}}" replacement = "{{$frontend.RedirectReplacement}}"
{{end}} {{end}}
{{ if $frontend.Headers }}
[frontends."{{$frontendName}}".headers] [frontends."{{$frontendName}}".headers]
SSLRedirect = {{$frontend.Headers.SSLRedirect}} SSLRedirect = {{$frontend.Headers.SSLRedirect}}
SSLTemporaryRedirect = {{$frontend.Headers.SSLTemporaryRedirect}} SSLTemporaryRedirect = {{$frontend.Headers.SSLTemporaryRedirect}}
@ -461,36 +463,41 @@ var _templatesKubernetesTmpl = []byte(`[backends]{{range $backendName, $backend
PublicKey = "{{$frontend.Headers.PublicKey}}" PublicKey = "{{$frontend.Headers.PublicKey}}"
ReferrerPolicy = "{{$frontend.Headers.ReferrerPolicy}}" ReferrerPolicy = "{{$frontend.Headers.ReferrerPolicy}}"
IsDevelopment = {{$frontend.Headers.IsDevelopment}} IsDevelopment = {{$frontend.Headers.IsDevelopment}}
{{if $frontend.Headers.AllowedHosts}}
AllowedHosts = [{{range $frontend.Headers.AllowedHosts}}
"{{.}}",
{{end}}]
{{end}}
{{if $frontend.Headers.HostsProxyHeaders}}
HostsProxyHeaders = [{{range $frontend.Headers.HostsProxyHeaders}}
"{{.}}",
{{end}}]
{{end}}
{{if $frontend.Headers.CustomRequestHeaders}} {{if $frontend.Headers.CustomRequestHeaders}}
[frontends."{{$frontendName}}".headers.customrequestheaders] [frontends."{{$frontendName}}".headers.customrequestheaders]
{{range $k, $v := $frontend.Headers.CustomRequestHeaders}} {{range $k, $v := $frontend.Headers.CustomRequestHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $frontend.Headers.CustomResponseHeaders}} {{if $frontend.Headers.CustomResponseHeaders}}
[frontends."{{$frontendName}}".headers.customresponseheaders] [frontends."{{$frontendName}}".headers.customresponseheaders]
{{range $k, $v := $frontend.Headers.CustomResponseHeaders}} {{range $k, $v := $frontend.Headers.CustomResponseHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $frontend.Headers.AllowedHosts}}
[frontends."{{$frontendName}}".headers.AllowedHosts]
{{range $frontend.Headers.AllowedHosts}}
"{{.}}"
{{end}}
{{end}}
{{if $frontend.Headers.HostsProxyHeaders}}
[frontends."{{$frontendName}}".headers.HostsProxyHeaders]
{{range $frontend.Headers.HostsProxyHeaders}}
"{{.}}"
{{end}}
{{end}}
{{if $frontend.Headers.SSLProxyHeaders}} {{if $frontend.Headers.SSLProxyHeaders}}
[frontends."{{$frontendName}}".headers.SSLProxyHeaders] [frontends."{{$frontendName}}".headers.SSLProxyHeaders]
{{range $k, $v := $frontend.Headers.SSLProxyHeaders}} {{range $k, $v := $frontend.Headers.SSLProxyHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}}
{{range $routeName, $route := $frontend.Routes}} {{range $routeName, $route := $frontend.Routes}}
[frontends."{{$frontendName}}".routes."{{$routeName}}"] [frontends."{{$frontendName}}".routes."{{$routeName}}"]
rule = "{{$route.Rule}}" rule = "{{$route.Rule}}"

View file

@ -24,14 +24,16 @@ type HeaderStruct struct {
} }
// NewHeaderFromStruct constructs a new header instance from supplied frontend header struct. // NewHeaderFromStruct constructs a new header instance from supplied frontend header struct.
func NewHeaderFromStruct(headers types.Headers) *HeaderStruct { func NewHeaderFromStruct(headers *types.Headers) *HeaderStruct {
o := HeaderOptions{ if headers == nil || !headers.HasCustomHeadersDefined() {
CustomRequestHeaders: headers.CustomRequestHeaders, return nil
CustomResponseHeaders: headers.CustomResponseHeaders,
} }
return &HeaderStruct{ return &HeaderStruct{
opt: o, opt: HeaderOptions{
CustomRequestHeaders: headers.CustomRequestHeaders,
CustomResponseHeaders: headers.CustomResponseHeaders,
},
} }
} }

View file

@ -17,16 +17,14 @@ var myHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// newHeader constructs a new header instance with supplied options. // newHeader constructs a new header instance with supplied options.
func newHeader(options ...HeaderOptions) *HeaderStruct { func newHeader(options ...HeaderOptions) *HeaderStruct {
var o HeaderOptions var opt HeaderOptions
if len(options) == 0 { if len(options) == 0 {
o = HeaderOptions{} opt = HeaderOptions{}
} else { } else {
o = options[0] opt = options[0]
} }
return &HeaderStruct{ return &HeaderStruct{opt: opt}
opt: o,
}
} }
func TestNoConfig(t *testing.T) { func TestNoConfig(t *testing.T) {

View file

@ -6,7 +6,11 @@ import (
) )
// NewSecure constructs a new Secure instance with supplied options. // NewSecure constructs a new Secure instance with supplied options.
func NewSecure(headers types.Headers) *secure.Secure { func NewSecure(headers *types.Headers) *secure.Secure {
if headers == nil || !headers.HasSecureHeadersDefined() {
return nil
}
opt := secure.Options{ opt := secure.Options{
AllowedHosts: headers.AllowedHosts, AllowedHosts: headers.AllowedHosts,
HostsProxyHeaders: headers.HostsProxyHeaders, HostsProxyHeaders: headers.HostsProxyHeaders,

View file

@ -290,6 +290,7 @@ func (p *Provider) loadDockerConfig(containersInspected []dockerData) *types.Con
"getServiceBackend": getServiceBackend, "getServiceBackend": getServiceBackend,
"getWhitelistSourceRange": getFuncSliceStringLabel(types.LabelTraefikFrontendWhitelistSourceRange), "getWhitelistSourceRange": getFuncSliceStringLabel(types.LabelTraefikFrontendWhitelistSourceRange),
"hasHeaders": hasHeaders,
"hasRequestHeaders": hasLabel(types.LabelFrontendRequestHeaders), "hasRequestHeaders": hasLabel(types.LabelFrontendRequestHeaders),
"getRequestHeaders": getFuncMapLabel(types.LabelFrontendRequestHeaders), "getRequestHeaders": getFuncMapLabel(types.LabelFrontendRequestHeaders),
"hasResponseHeaders": hasLabel(types.LabelFrontendResponseHeaders), "hasResponseHeaders": hasLabel(types.LabelFrontendResponseHeaders),
@ -895,3 +896,15 @@ func hasRedirect(container dockerData) bool {
return hasLabel(types.LabelFrontendRedirectEntryPoint)(container) || return hasLabel(types.LabelFrontendRedirectEntryPoint)(container) ||
hasLabel(types.LabelFrontendRedirectReplacement)(container) && hasLabel(types.LabelFrontendRedirectRegex)(container) hasLabel(types.LabelFrontendRedirectReplacement)(container) && hasLabel(types.LabelFrontendRedirectRegex)(container)
} }
// TODO will be rewrite when merge on master
func hasHeaders(container dockerData) bool {
// LabelPrefix + "frontend.headers.
for key := range container.Labels {
if strings.HasPrefix(key, types.LabelPrefix+"frontend.headers.") {
return true
}
}
return false
}

View file

@ -208,7 +208,7 @@ func (p *Provider) loadIngresses(k8sClient Client) (*types.Configuration, error)
priority := getPriority(i) priority := getPriority(i)
headers := types.Headers{ headers := &types.Headers{
CustomRequestHeaders: getMapAnnotation(i, annotationKubernetesCustomRequestHeaders), CustomRequestHeaders: getMapAnnotation(i, annotationKubernetesCustomRequestHeaders),
CustomResponseHeaders: getMapAnnotation(i, annotationKubernetesCustomResponseHeaders), CustomResponseHeaders: getMapAnnotation(i, annotationKubernetesCustomResponseHeaders),
AllowedHosts: getSliceAnnotation(i, annotationKubernetesAllowedHosts), AllowedHosts: getSliceAnnotation(i, annotationKubernetesAllowedHosts),
@ -364,7 +364,7 @@ func (p *Provider) loadConfig(templateObjects types.Configuration) *types.Config
} }
func getSTSSeconds(i *v1beta1.Ingress) int64 { func getSTSSeconds(i *v1beta1.Ingress) int64 {
value, err := strconv.ParseInt(i.ObjectMeta.Annotations[annotationKubernetesHSTSMaxAge], 10, 64) value, err := strconv.ParseInt(i.Annotations[annotationKubernetesHSTSMaxAge], 10, 64)
if err == nil && value > 0 { if err == nil && value > 0 {
return value return value
} }

View file

@ -280,6 +280,7 @@ func TestLoadIngresses(t *testing.T) {
"foo/bar": { "foo/bar": {
Backend: "foo/bar", Backend: "foo/bar",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -292,6 +293,7 @@ func TestLoadIngresses(t *testing.T) {
"foo/namedthing": { "foo/namedthing": {
Backend: "foo/namedthing", Backend: "foo/namedthing",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/namedthing": { "/namedthing": {
Rule: "PathPrefix:/namedthing", Rule: "PathPrefix:/namedthing",
@ -304,6 +306,7 @@ func TestLoadIngresses(t *testing.T) {
"bar": { "bar": {
Backend: "bar", Backend: "bar",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"bar": { "bar": {
Rule: "Host:bar", Rule: "Host:bar",
@ -409,6 +412,7 @@ func TestRuleType(t *testing.T) {
expected := map[string]*types.Frontend{ expected := map[string]*types.Frontend{
"host/path": { "host/path": {
Backend: "host/path", Backend: "host/path",
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/path": { "/path": {
Rule: fmt.Sprintf("%s:/path", test.frontendRuleType), Rule: fmt.Sprintf("%s:/path", test.frontendRuleType),
@ -494,6 +498,7 @@ func TestGetPassHostHeader(t *testing.T) {
Frontends: map[string]*types.Frontend{ Frontends: map[string]*types.Frontend{
"foo/bar": { "foo/bar": {
Backend: "foo/bar", Backend: "foo/bar",
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -580,6 +585,7 @@ func TestGetPassTLSCert(t *testing.T) {
Backend: "foo/bar", Backend: "foo/bar",
PassTLSCert: true, PassTLSCert: true,
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -682,6 +688,7 @@ func TestOnlyReferencesServicesFromOwnNamespace(t *testing.T) {
"foo": { "foo": {
Backend: "foo", Backend: "foo",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"foo": { "foo": {
Rule: "Host:foo", Rule: "Host:foo",
@ -762,6 +769,7 @@ func TestHostlessIngress(t *testing.T) {
Frontends: map[string]*types.Frontend{ Frontends: map[string]*types.Frontend{
"/bar": { "/bar": {
Backend: "/bar", Backend: "/bar",
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -980,6 +988,7 @@ func TestServiceAnnotations(t *testing.T) {
"foo/bar": { "foo/bar": {
Backend: "foo/bar", Backend: "foo/bar",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -992,6 +1001,7 @@ func TestServiceAnnotations(t *testing.T) {
"bar": { "bar": {
Backend: "bar", Backend: "bar",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"bar": { "bar": {
Rule: "Host:bar", Rule: "Host:bar",
@ -1445,6 +1455,7 @@ func TestIngressAnnotations(t *testing.T) {
"foo/bar": { "foo/bar": {
Backend: "foo/bar", Backend: "foo/bar",
PassHostHeader: false, PassHostHeader: false,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -1457,6 +1468,7 @@ func TestIngressAnnotations(t *testing.T) {
"other/stuff": { "other/stuff": {
Backend: "other/stuff", Backend: "other/stuff",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/stuff": { "/stuff": {
Rule: "PathPrefix:/stuff", Rule: "PathPrefix:/stuff",
@ -1469,6 +1481,7 @@ func TestIngressAnnotations(t *testing.T) {
"other/": { "other/": {
Backend: "other/", Backend: "other/",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
EntryPoints: []string{"http", "https"}, EntryPoints: []string{"http", "https"},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/": { "/": {
@ -1483,6 +1496,7 @@ func TestIngressAnnotations(t *testing.T) {
Backend: "other/sslstuff", Backend: "other/sslstuff",
PassHostHeader: true, PassHostHeader: true,
PassTLSCert: true, PassTLSCert: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/sslstuff": { "/sslstuff": {
Rule: "PathPrefix:/sslstuff", Rule: "PathPrefix:/sslstuff",
@ -1495,6 +1509,7 @@ func TestIngressAnnotations(t *testing.T) {
"basic/auth": { "basic/auth": {
Backend: "basic/auth", Backend: "basic/auth",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/auth": { "/auth": {
Rule: "PathPrefix:/auth", Rule: "PathPrefix:/auth",
@ -1508,6 +1523,7 @@ func TestIngressAnnotations(t *testing.T) {
"redirect/https": { "redirect/https": {
Backend: "redirect/https", Backend: "redirect/https",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/https": { "/https": {
Rule: "PathPrefix:/https", Rule: "PathPrefix:/https",
@ -1524,6 +1540,7 @@ func TestIngressAnnotations(t *testing.T) {
"test/whitelist-source-range": { "test/whitelist-source-range": {
Backend: "test/whitelist-source-range", Backend: "test/whitelist-source-range",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
WhitelistSourceRange: []string{ WhitelistSourceRange: []string{
"1.1.1.1/24", "1.1.1.1/24",
"1234:abcd::42/32", "1234:abcd::42/32",
@ -1540,6 +1557,7 @@ func TestIngressAnnotations(t *testing.T) {
"rewrite/api": { "rewrite/api": {
Backend: "rewrite/api", Backend: "rewrite/api",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/api": { "/api": {
Rule: "PathPrefix:/api;ReplacePath:/", Rule: "PathPrefix:/api;ReplacePath:/",
@ -1641,6 +1659,7 @@ func TestPriorityHeaderValue(t *testing.T) {
Backend: "foo/bar", Backend: "foo/bar",
PassHostHeader: true, PassHostHeader: true,
Priority: 1337, Priority: 1337,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -1742,6 +1761,7 @@ func TestInvalidPassTLSCertValue(t *testing.T) {
Backend: "foo/bar", Backend: "foo/bar",
PassTLSCert: false, PassTLSCert: false,
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -1842,6 +1862,7 @@ func TestInvalidPassHostHeaderValue(t *testing.T) {
"foo/bar": { "foo/bar": {
Backend: "foo/bar", Backend: "foo/bar",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"/bar": { "/bar": {
Rule: "PathPrefix:/bar", Rule: "PathPrefix:/bar",
@ -2143,6 +2164,7 @@ func TestMissingResources(t *testing.T) {
"fully_working": { "fully_working": {
Backend: "fully_working", Backend: "fully_working",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"fully_working": { "fully_working": {
Rule: "Host:fully_working", Rule: "Host:fully_working",
@ -2152,6 +2174,7 @@ func TestMissingResources(t *testing.T) {
"missing_endpoints": { "missing_endpoints": {
Backend: "missing_endpoints", Backend: "missing_endpoints",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"missing_endpoints": { "missing_endpoints": {
Rule: "Host:missing_endpoints", Rule: "Host:missing_endpoints",
@ -2161,6 +2184,7 @@ func TestMissingResources(t *testing.T) {
"missing_endpoint_subsets": { "missing_endpoint_subsets": {
Backend: "missing_endpoint_subsets", Backend: "missing_endpoint_subsets",
PassHostHeader: true, PassHostHeader: true,
Headers: &types.Headers{},
Routes: map[string]types.Route{ Routes: map[string]types.Route{
"missing_endpoint_subsets": { "missing_endpoint_subsets": {
Rule: "Host:missing_endpoint_subsets", Rule: "Host:missing_endpoint_subsets",

View file

@ -980,10 +980,9 @@ func (s *Server) loadConfig(configurations types.Configurations, globalConfigura
continue frontend continue frontend
} }
var headerMiddleware *middlewares.HeaderStruct headerMiddleware := middlewares.NewHeaderFromStruct(frontend.Headers)
var responseModifier func(res *http.Response) error var responseModifier func(res *http.Response) error
if frontend.Headers.HasCustomHeadersDefined() { if headerMiddleware != nil {
headerMiddleware = middlewares.NewHeaderFromStruct(frontend.Headers)
responseModifier = headerMiddleware.ModifyResponseHeaders responseModifier = headerMiddleware.ModifyResponseHeaders
} }
@ -1166,8 +1165,9 @@ func (s *Server) loadConfig(configurations types.Configurations, globalConfigura
log.Debugf("Adding header middleware for frontend %s", frontendName) log.Debugf("Adding header middleware for frontend %s", frontendName)
n.Use(headerMiddleware) n.Use(headerMiddleware)
} }
if frontend.Headers.HasSecureHeadersDefined() {
secureMiddleware := middlewares.NewSecure(frontend.Headers) secureMiddleware := middlewares.NewSecure(frontend.Headers)
if secureMiddleware != nil {
log.Debugf("Adding secure middleware for frontend %s", frontendName) log.Debugf("Adding secure middleware for frontend %s", frontendName)
n.UseFunc(secureMiddleware.HandlerFuncWithNext) n.UseFunc(secureMiddleware.HandlerFuncWithNext)
} }

View file

@ -94,6 +94,7 @@
replacement = "{{getRedirectReplacement $container}}" replacement = "{{getRedirectReplacement $container}}"
{{end}} {{end}}
{{ if hasHeaders $container}}
[frontends."frontend-{{$frontend}}".headers] [frontends."frontend-{{$frontend}}".headers]
{{if hasSSLRedirectHeaders $container}} {{if hasSSLRedirectHeaders $container}}
SSLRedirect = {{getSSLRedirectHeaders $container}} SSLRedirect = {{getSSLRedirectHeaders $container}}
@ -140,6 +141,16 @@
{{if hasIsDevelopmentHeaders $container}} {{if hasIsDevelopmentHeaders $container}}
IsDevelopment = {{getIsDevelopmentHeaders $container}} IsDevelopment = {{getIsDevelopmentHeaders $container}}
{{end}} {{end}}
{{if hasAllowedHostsHeaders $container}}
AllowedHosts = [{{range getAllowedHostsHeaders $container}}
"{{.}}",
{{end}}]
{{end}}
{{if hasHostsProxyHeaders $container}}
HostsProxyHeaders = [{{range getHostsProxyHeaders $container}}
"{{.}}",
{{end}}]
{{end}}
{{if hasRequestHeaders $container}} {{if hasRequestHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.customrequestheaders] [frontends."frontend-{{$frontend}}".headers.customrequestheaders]
{{range $k, $v := getRequestHeaders $container}} {{range $k, $v := getRequestHeaders $container}}
@ -152,24 +163,14 @@
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if hasAllowedHostsHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.AllowedHosts]
{{range getAllowedHostsHeaders $container}}
"{{.}}"
{{end}}
{{end}}
{{if hasHostsProxyHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.HostsProxyHeaders]
{{range getHostsProxyHeaders $container}}
"{{.}}"
{{end}}
{{end}}
{{if hasSSLProxyHeaders $container}} {{if hasSSLProxyHeaders $container}}
[frontends."frontend-{{$frontend}}".headers.SSLProxyHeaders] [frontends."frontend-{{$frontend}}".headers.SSLProxyHeaders]
{{range $k, $v := getSSLProxyHeaders $container}} {{range $k, $v := getSSLProxyHeaders $container}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}}
[frontends."frontend-{{$frontend}}".routes."route-frontend-{{$frontend}}"] [frontends."frontend-{{$frontend}}".routes."route-frontend-{{$frontend}}"]
rule = "{{getFrontendRule $container}}" rule = "{{getFrontendRule $container}}"
{{end}} {{end}}

View file

@ -42,6 +42,7 @@
replacement = "{{$frontend.RedirectReplacement}}" replacement = "{{$frontend.RedirectReplacement}}"
{{end}} {{end}}
{{ if $frontend.Headers }}
[frontends."{{$frontendName}}".headers] [frontends."{{$frontendName}}".headers]
SSLRedirect = {{$frontend.Headers.SSLRedirect}} SSLRedirect = {{$frontend.Headers.SSLRedirect}}
SSLTemporaryRedirect = {{$frontend.Headers.SSLTemporaryRedirect}} SSLTemporaryRedirect = {{$frontend.Headers.SSLTemporaryRedirect}}
@ -58,36 +59,41 @@
PublicKey = "{{$frontend.Headers.PublicKey}}" PublicKey = "{{$frontend.Headers.PublicKey}}"
ReferrerPolicy = "{{$frontend.Headers.ReferrerPolicy}}" ReferrerPolicy = "{{$frontend.Headers.ReferrerPolicy}}"
IsDevelopment = {{$frontend.Headers.IsDevelopment}} IsDevelopment = {{$frontend.Headers.IsDevelopment}}
{{if $frontend.Headers.AllowedHosts}}
AllowedHosts = [{{range $frontend.Headers.AllowedHosts}}
"{{.}}",
{{end}}]
{{end}}
{{if $frontend.Headers.HostsProxyHeaders}}
HostsProxyHeaders = [{{range $frontend.Headers.HostsProxyHeaders}}
"{{.}}",
{{end}}]
{{end}}
{{if $frontend.Headers.CustomRequestHeaders}} {{if $frontend.Headers.CustomRequestHeaders}}
[frontends."{{$frontendName}}".headers.customrequestheaders] [frontends."{{$frontendName}}".headers.customrequestheaders]
{{range $k, $v := $frontend.Headers.CustomRequestHeaders}} {{range $k, $v := $frontend.Headers.CustomRequestHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $frontend.Headers.CustomResponseHeaders}} {{if $frontend.Headers.CustomResponseHeaders}}
[frontends."{{$frontendName}}".headers.customresponseheaders] [frontends."{{$frontendName}}".headers.customresponseheaders]
{{range $k, $v := $frontend.Headers.CustomResponseHeaders}} {{range $k, $v := $frontend.Headers.CustomResponseHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{if $frontend.Headers.AllowedHosts}}
[frontends."{{$frontendName}}".headers.AllowedHosts]
{{range $frontend.Headers.AllowedHosts}}
"{{.}}"
{{end}}
{{end}}
{{if $frontend.Headers.HostsProxyHeaders}}
[frontends."{{$frontendName}}".headers.HostsProxyHeaders]
{{range $frontend.Headers.HostsProxyHeaders}}
"{{.}}"
{{end}}
{{end}}
{{if $frontend.Headers.SSLProxyHeaders}} {{if $frontend.Headers.SSLProxyHeaders}}
[frontends."{{$frontendName}}".headers.SSLProxyHeaders] [frontends."{{$frontendName}}".headers.SSLProxyHeaders]
{{range $k, $v := $frontend.Headers.SSLProxyHeaders}} {{range $k, $v := $frontend.Headers.SSLProxyHeaders}}
{{$k}} = "{{$v}}" {{$k}} = "{{$v}}"
{{end}} {{end}}
{{end}} {{end}}
{{end}}
{{range $routeName, $route := $frontend.Routes}} {{range $routeName, $route := $frontend.Routes}}
[frontends."{{$frontendName}}".routes."{{$routeName}}"] [frontends."{{$frontendName}}".routes."{{$routeName}}"]
rule = "{{$route.Rule}}" rule = "{{$route.Rule}}"

View file

@ -113,14 +113,14 @@ type Headers struct {
} }
// HasCustomHeadersDefined checks to see if any of the custom header elements have been set // HasCustomHeadersDefined checks to see if any of the custom header elements have been set
func (h Headers) HasCustomHeadersDefined() bool { func (h *Headers) HasCustomHeadersDefined() bool {
return len(h.CustomResponseHeaders) != 0 || return h != nil && (len(h.CustomResponseHeaders) != 0 ||
len(h.CustomRequestHeaders) != 0 len(h.CustomRequestHeaders) != 0)
} }
// HasSecureHeadersDefined checks to see if any of the secure header elements have been set // HasSecureHeadersDefined checks to see if any of the secure header elements have been set
func (h Headers) HasSecureHeadersDefined() bool { func (h *Headers) HasSecureHeadersDefined() bool {
return len(h.AllowedHosts) != 0 || return h != nil && (len(h.AllowedHosts) != 0 ||
len(h.HostsProxyHeaders) != 0 || len(h.HostsProxyHeaders) != 0 ||
h.SSLRedirect || h.SSLRedirect ||
h.SSLTemporaryRedirect || h.SSLTemporaryRedirect ||
@ -137,7 +137,7 @@ func (h Headers) HasSecureHeadersDefined() bool {
h.ContentSecurityPolicy != "" || h.ContentSecurityPolicy != "" ||
h.PublicKey != "" || h.PublicKey != "" ||
h.ReferrerPolicy != "" || h.ReferrerPolicy != "" ||
h.IsDevelopment h.IsDevelopment)
} }
// Frontend holds frontend configuration. // Frontend holds frontend configuration.
@ -150,7 +150,7 @@ type Frontend struct {
Priority int `json:"priority"` Priority int `json:"priority"`
BasicAuth []string `json:"basicAuth"` BasicAuth []string `json:"basicAuth"`
WhitelistSourceRange []string `json:"whitelistSourceRange,omitempty"` WhitelistSourceRange []string `json:"whitelistSourceRange,omitempty"`
Headers Headers `json:"headers,omitempty"` Headers *Headers `json:"headers,omitempty"`
Errors map[string]ErrorPage `json:"errors,omitempty"` Errors map[string]ErrorPage `json:"errors,omitempty"`
RateLimit *RateLimit `json:"ratelimit,omitempty"` RateLimit *RateLimit `json:"ratelimit,omitempty"`
Redirect *Redirect `json:"redirect,omitempty"` Redirect *Redirect `json:"redirect,omitempty"`