From d044c0f4ccf5e2429a3e501ee33887dedc782beb Mon Sep 17 00:00:00 2001 
From: Julien Salleyron Date: Fri, 6 Sep 2019 15:08:04 +0200 Subject: [PATCH] New API security --- .../observability/metrics/prometheus.md | 31 +++++ docs/content/operations/api.md | 85 +++++++++++++- docs/content/operations/ping.md | 35 +++++- .../reference/static-configuration/cli-ref.md | 16 ++- .../reference/static-configuration/env-ref.md | 16 ++- .../reference/static-configuration/file.toml | 4 + .../reference/static-configuration/file.yaml | 8 +- integration/fixtures/access_log_config.toml | 1 + integration/fixtures/acme/acme_base.toml | 1 + integration/fixtures/acme/acme_domains.toml | 1 + .../acme/acme_multiple_resolvers.toml | 1 + integration/fixtures/acme/acme_tcp.toml | 1 + integration/fixtures/acme/acme_tls.toml | 1 + .../fixtures/acme/acme_tls_dynamic.toml | 1 + .../acme/acme_tls_multiple_entrypoints.toml | 1 + integration/fixtures/docker/minimal.toml | 1 + integration/fixtures/docker/simple.toml | 1 + integration/fixtures/grpc/config.toml | 1 + integration/fixtures/grpc/config_h2c.toml | 1 + .../fixtures/grpc/config_h2c_termination.toml | 1 + .../fixtures/grpc/config_insecure.toml | 1 + integration/fixtures/grpc/config_retry.toml | 1 + .../healthcheck/multiple-entrypoints.toml | 1 + .../fixtures/healthcheck/port_overload.toml | 1 + integration/fixtures/healthcheck/simple.toml | 1 + .../https/clientca/https_1ca1config.toml | 1 + .../https/clientca/https_2ca1config.toml | 1 + .../https/clientca/https_2ca2config.toml | 1 + .../fixtures/https/dynamic_https_sni.toml | 1 + .../https/dynamic_https_sni_default_cert.toml | 1 + .../fixtures/https/https_redirect.toml | 1 + integration/fixtures/https/https_sni.toml | 1 + .../https_sni_case_insensitive_dynamic.toml | 1 + .../https/https_sni_default_cert.toml | 1 + .../fixtures/https/https_sni_strict.toml | 1 + .../fixtures/https/https_tls_options.toml | 1 + integration/fixtures/https/rootcas/https.toml | 1 + .../https/rootcas/https_with_file.toml | 1 + integration/fixtures/k8s_crd.toml | 1 + 
integration/fixtures/k8s_default.toml | 1 + integration/fixtures/marathon/simple.toml | 1 + integration/fixtures/mirror.toml | 1 + integration/fixtures/multiple_provider.toml | 1 + integration/fixtures/multiprovider.toml | 2 + integration/fixtures/proxy-protocol/with.toml | 1 + .../fixtures/proxy-protocol/without.toml | 1 + integration/fixtures/ratelimit/simple.toml | 1 + integration/fixtures/rest/simple.toml | 2 + integration/fixtures/rest/simple_secure.toml | 27 +++++ integration/fixtures/retry/simple.toml | 1 + integration/fixtures/router_errors.toml | 1 + integration/fixtures/service_errors.toml | 1 + integration/fixtures/simple_auth.toml | 1 + integration/fixtures/simple_hostresolver.toml | 1 + integration/fixtures/simple_secure_api.toml | 25 ++++ integration/fixtures/simple_stats.toml | 1 + integration/fixtures/simple_web.toml | 1 + integration/fixtures/simple_whitelist.toml | 3 +- .../tcp/catch-all-no-tls-with-https.toml | 1 + .../fixtures/tcp/catch-all-no-tls.toml | 1 + integration/fixtures/tcp/mixed.toml | 1 + .../fixtures/tcp/multi-tls-options.toml | 1 + .../fixtures/tcp/non-tls-fallback.toml | 1 + integration/fixtures/tcp/non-tls.toml | 1 + .../fixtures/timeout/forwarding_timeouts.toml | 1 + integration/fixtures/timeout/keepalive.toml | 1 + .../fixtures/tlsclientheaders/simple.toml | 1 + .../tracing/simple-jaeger-collector.toml | 1 + .../fixtures/tracing/simple-jaeger.toml | 1 + .../fixtures/tracing/simple-zipkin.toml | 1 + integration/fixtures/traefik_log_config.toml | 1 + integration/fixtures/websocket/config.toml | 1 + .../fixtures/websocket/config_https.toml | 1 + integration/fixtures/wrr.toml | 1 + integration/fixtures/wrr_sticky.toml | 1 + integration/rest_test.go | 108 +++++++++++++++++- integration/simple_test.go | 57 +++++---- pkg/api/handler.go | 9 ++ pkg/config/static/static_config.go | 7 +- pkg/ping/ping.go | 2 + pkg/provider/rest/rest.go | 8 ++ .../router/route_appender_aggregator.go | 22 ++-- .../router/route_appender_aggregator_test.go | 
74 +++--------- pkg/server/router/route_appender_factory.go | 5 +- pkg/server/router/router_test.go | 10 +- pkg/server/server.go | 14 ++- pkg/server/server_configuration.go | 9 +- pkg/server/service/service.go | 20 +++- pkg/server/service/service_test.go | 6 +- pkg/types/metrics.go | 2 + 90 files changed, 538 insertions(+), 132 deletions(-) create mode 100644 integration/fixtures/rest/simple_secure.toml create mode 100644 integration/fixtures/simple_secure_api.toml diff --git a/docs/content/observability/metrics/prometheus.md b/docs/content/observability/metrics/prometheus.md index ac8a43dc3..13c3b17b8 100644 --- a/docs/content/observability/metrics/prometheus.md +++ b/docs/content/observability/metrics/prometheus.md @@ -85,3 +85,34 @@ metrics: ```bash tab="CLI" --metrics.prometheus.addServicesLabels=true ``` + +#### `entryPoint` + +_Optional, Default=traefik_ + +Entry point used to expose metrics. + +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.metrics] + address = ":8082" + +[metrics] + [metrics.prometheus] + entryPoint = "metrics" +``` + +```yaml tab="File (YAML)" +entryPoints: + metrics: + address: ":8082" + +metrics: + prometheus: + entryPoint: metrics +``` + +```bash tab="CLI" +--entryPoints.metrics.address=":8082" +--metrics.prometheus..entryPoint="metrics" +``` diff --git a/docs/content/operations/api.md b/docs/content/operations/api.md index 6cbd012c9..61141ad3d 100644 --- a/docs/content/operations/api.md +++ b/docs/content/operations/api.md @@ -1,8 +1,5 @@ # API -!!! important - In the RC version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the GA version. - Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc. As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). 
@@ -22,11 +19,10 @@ would be to apply the following protection mechanisms: keeping it restricted to internal networks (as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks). -!!! important - In the beta version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the RC version. - ## Configuration +If you enable the API, a new special `service` named `api@internal` is created and then can be reference in a router. + To enable the API handler: ```toml tab="File (TOML)" 
@@ -41,6 +37,83 @@ api: {} --api=true ``` +And then you will able to reference it like this. + +```yaml tab="Docker" + - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.api.service=api@internal" + - "traefik.http.routers.api.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" +``` + +```json tab="Marathon" +"labels": { + "traefik.http.routers.api.rule": "PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + "traefik.http.routers.api.service": "api@internal" + "traefik.http.routers.api.middlewares": "auth" + "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" +} +``` + +```yaml tab="Rancher" +# Declaring the user list +labels: + - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + - "traefik.http.routers.api.service=api@internal" + - "traefik.http.routers.api.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" +``` + +```toml tab="File (TOML)" +[http.routers.my-api] + rule="PathPrefix(`/api`) || PathPrefix(`/dashboard`)" + service="api@internal" + middlewares=["auth"] + +[http.middlewares.auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] +``` + +```yaml tab="File (YAML)" +http: + routers: + api: + rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`) + service: api@internal + middlewares: + - auth + middlewares: + auth: + basicAuth: + users: + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" +``` + +### `insecure` + +Enable the API in `insecure` mode, which means that the API will be available directly on the entryPoint named `traefik`. + +!!! 
Note + If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080. + +```toml tab="File (TOML)" +[api] + insecure = true +``` + +```yaml tab="File (YAML)" +api: + insecure: true +``` + +```bash tab="CLI" +--api.insecure=true +``` + ### `dashboard` _Optional, Default=true_ diff --git a/docs/content/operations/ping.md b/docs/content/operations/ping.md index deee3d641..6298a3e7d 100644 --- a/docs/content/operations/ping.md +++ b/docs/content/operations/ping.md @@ -5,7 +5,7 @@ Checking the Health of Your Traefik Instances ## Configuration Examples -??? example "Enabling /ping" +!!! example "Enabling /ping" ```toml tab="File (TOML)" [ping] @@ -19,10 +19,39 @@ ping: {} --ping=true ``` +## Configuration Options + +The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`. + +You can customize the `entryPoint` where the `/ping` is active with the `entryPoint` option (default value: `traefik`) + | Path | Method | Description | |---------|---------------|-----------------------------------------------------------------------------------------------------| | `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` | -## Configuration Options +### `entryPoint` -The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`. \ No newline at end of file +Enabling /ping on a dedicated EntryPoint. + +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.ping] + address = ":8082" + +[ping] + entryPoint = "ping" +``` + +```yaml tab="File (YAML)" +entryPoints: + ping: + address: ":8082" + +ping: + entryPoint: "ping" +``` + +```bash tab="CLI" +--entryPoints.ping.address=":8082" +--ping.entryPoint="ping" +``` diff --git a/docs/content/reference/static-configuration/cli-ref.md b/docs/content/reference/static-configuration/cli-ref.md index ecea25aa8..62514adab 100644 
--- a/docs/content/reference/static-configuration/cli-ref.md +++ b/docs/content/reference/static-configuration/cli-ref.md @@ -45,6 +45,9 @@ Activate dashboard. (Default: ```true```) `--api.debug`: Enable additional endpoints for debugging and profiling. (Default: ```false```) +`--api.insecure`: +Activate API on an insecure entryPoints named traefik. (Default: ```false```) + `--certificatesresolvers.`: Certificates resolvers configuration. (Default: ```false```) @@ -207,6 +210,9 @@ Enable metrics on services. (Default: ```true```) `--metrics.prometheus.buckets`: Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```) +`--metrics.prometheus.entrypoint`: +EntryPoint (Default: ```traefik```) + `--metrics.statsd`: StatsD metrics exporter type. (Default: ```false```) @@ -223,7 +229,10 @@ Enable metrics on services. (Default: ```true```) StatsD push interval. (Default: ```10```) `--ping`: -Enable ping. (Default: ```true```) +Enable ping. (Default: ```false```) + +`--ping.entrypoint`: +EntryPoint (Default: ```traefik```) `--providers.docker`: Enable Docker backend with default settings. (Default: ```false```) @@ -433,7 +442,10 @@ Defines the polling interval in seconds. (Default: ```15```) Watch provider. (Default: ```true```) `--providers.rest`: -Enable Rest backend with default settings. (Default: ```true```) +Enable Rest backend with default settings. (Default: ```false```) + +`--providers.rest.insecure`: +Activate REST Provider on an insecure entryPoints named traefik. (Default: ```false```) `--serverstransport.forwardingtimeouts.dialtimeout`: The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```) diff --git a/docs/content/reference/static-configuration/env-ref.md b/docs/content/reference/static-configuration/env-ref.md index 194cd0897..14da23d49 100644 --- a/docs/content/reference/static-configuration/env-ref.md 
+++ b/docs/content/reference/static-configuration/env-ref.md @@ -45,6 +45,9 @@ Activate dashboard. (Default: ```true```) `TRAEFIK_API_DEBUG`: Enable additional endpoints for debugging and profiling. (Default: ```false```) +`TRAEFIK_API_INSECURE`: +Activate API on an insecure entryPoints named traefik. (Default: ```false```) + `TRAEFIK_CERTIFICATESRESOLVERS_`: Certificates resolvers configuration. (Default: ```false```) @@ -207,6 +210,9 @@ Enable metrics on services. (Default: ```true```) `TRAEFIK_METRICS_PROMETHEUS_BUCKETS`: Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```) +`TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT`: +EntryPoint (Default: ```traefik```) + `TRAEFIK_METRICS_STATSD`: StatsD metrics exporter type. (Default: ```false```) @@ -223,7 +229,10 @@ Enable metrics on services. (Default: ```true```) StatsD push interval. (Default: ```10```) `TRAEFIK_PING`: -Enable ping. (Default: ```true```) +Enable ping. (Default: ```false```) + +`TRAEFIK_PING_ENTRYPOINT`: +EntryPoint (Default: ```traefik```) `TRAEFIK_PROVIDERS_DOCKER`: Enable Docker backend with default settings. (Default: ```false```) @@ -433,7 +442,10 @@ Defines the polling interval in seconds. (Default: ```15```) Watch provider. (Default: ```true```) `TRAEFIK_PROVIDERS_REST`: -Enable Rest backend with default settings. (Default: ```true```) +Enable Rest backend with default settings. (Default: ```false```) + +`TRAEFIK_PROVIDERS_REST_INSECURE`: +Activate REST Provider on an insecure entryPoints named traefik. (Default: ```false```) `TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`: The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```) diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index b4d1f88b8..4f4542f63 100644 --- a/docs/content/reference/static-configuration/file.toml 
+++ b/docs/content/reference/static-configuration/file.toml @@ -96,6 +96,7 @@ labelSelector = "foobar" ingressClass = "foobar" [providers.rest] + insecure = true [providers.rancher] constraints = "foobar" watch = true @@ -107,6 +108,7 @@ prefix = "foobar" [api] + insecure = true dashboard = true debug = true @@ -115,6 +117,7 @@ buckets = [42.0, 42.0] addEntryPointsLabels = true addServicesLabels = true + entryPoint = "foobar" [metrics.datadog] address = "foobar" pushInterval = "10s" @@ -137,6 +140,7 @@ addServicesLabels = true [ping] + entryPoint = "foobar" [log] level = "foobar" diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index 12f7c011f..6080d9037 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -102,7 +102,8 @@ providers: - foobar labelSelector: foobar ingressClass: foobar - rest: {} + rest: + insecure: true rancher: constraints: foobar watch: true @@ -113,6 +114,7 @@ providers: intervalPoll: true prefix: foobar api: + insecure: true dashboard: true debug: true metrics: @@ -122,6 +124,7 @@ metrics: - 42 addEntryPointsLabels: true addServicesLabels: true + entryPoint: foobar datadog: address: foobar pushInterval: 42 @@ -142,7 +145,8 @@ metrics: password: foobar addEntryPointsLabels: true addServicesLabels: true -ping: {} +ping: + entryPoint: foobar log: level: foobar filePath: foobar diff --git a/integration/fixtures/access_log_config.toml b/integration/fixtures/access_log_config.toml index 19f5416e3..68e653788 100644 --- a/integration/fixtures/access_log_config.toml +++ b/integration/fixtures/access_log_config.toml @@ -22,6 +22,7 @@ address = ":8008" [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/acme/acme_base.toml b/integration/fixtures/acme/acme_base.toml index ae8b2be83..9a8242e63 100644 --- a/integration/fixtures/acme/acme_base.toml 
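Review bot: In `integration/fixtures/access_log_config.toml` the `[api]` table gains `insecure = true` with no comment, and the same one-line change repeats in the acme, docker, grpc, healthcheck, https, tcp and other fixtures listed in the diffstat. Nearly the whole integration suite therefore reaches the API through the unauthenticated `traefik` entryPoint. Judging by the diffstat, only `simple_secure_api.toml` and `rest/simple_secure.toml` seem to exercise the router-based path that the api.md changes describe. Fixtures are often copied as starting configurations, so a line such as `# test only: serves the API without authentication on the traefik entryPoint` above the setting would make the intent explicit.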
+++ b/integration/fixtures/acme/acme_base.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/acme/acme_domains.toml b/integration/fixtures/acme/acme_domains.toml index 72f047acf..e9b150eb3 100644 --- a/integration/fixtures/acme/acme_domains.toml +++ b/integration/fixtures/acme/acme_domains.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/acme/acme_multiple_resolvers.toml b/integration/fixtures/acme/acme_multiple_resolvers.toml index 73313d3f3..6da4a2a48 100644 --- a/integration/fixtures/acme/acme_multiple_resolvers.toml +++ b/integration/fixtures/acme/acme_multiple_resolvers.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/acme/acme_tcp.toml b/integration/fixtures/acme/acme_tcp.toml index c016a4139..3bf7e3721 100644 --- a/integration/fixtures/acme/acme_tcp.toml +++ b/integration/fixtures/acme/acme_tcp.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/acme/acme_tls.toml b/integration/fixtures/acme/acme_tls.toml index 2319974bd..990ba69d4 100644 --- a/integration/fixtures/acme/acme_tls.toml +++ b/integration/fixtures/acme/acme_tls.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/acme/acme_tls_dynamic.toml b/integration/fixtures/acme/acme_tls_dynamic.toml index eac99adc1..832ae1f27 100644 --- a/integration/fixtures/acme/acme_tls_dynamic.toml +++ b/integration/fixtures/acme/acme_tls_dynamic.toml @@ -31,6 +31,7 @@ {{end}} [api] + insecure = true [providers] [providers.file] 
diff --git a/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml b/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml index f4601b695..3ffbdfad8 100644 --- a/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml +++ b/integration/fixtures/acme/acme_tls_multiple_entrypoints.toml @@ -34,3 +34,4 @@ {{end}} [api] + insecure = true diff --git a/integration/fixtures/docker/minimal.toml b/integration/fixtures/docker/minimal.toml index 4ba52559e..8e6024d84 100644 --- a/integration/fixtures/docker/minimal.toml +++ b/integration/fixtures/docker/minimal.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/docker/simple.toml b/integration/fixtures/docker/simple.toml index 630fd5549..a2c0de53f 100644 --- a/integration/fixtures/docker/simple.toml +++ b/integration/fixtures/docker/simple.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/grpc/config.toml b/integration/fixtures/grpc/config.toml index 5ebf5e946..1e8aac3a0 100644 --- a/integration/fixtures/grpc/config.toml +++ b/integration/fixtures/grpc/config.toml @@ -13,6 +13,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/grpc/config_h2c.toml b/integration/fixtures/grpc/config_h2c.toml index 8dfcc99da..683b72f58 100644 --- a/integration/fixtures/grpc/config_h2c.toml +++ b/integration/fixtures/grpc/config_h2c.toml @@ -10,6 +10,7 @@ address = ":8081" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/grpc/config_h2c_termination.toml b/integration/fixtures/grpc/config_h2c_termination.toml index 10fbdaeaa..f4188fbe7 100644 --- a/integration/fixtures/grpc/config_h2c_termination.toml +++ b/integration/fixtures/grpc/config_h2c_termination.toml 
@@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/grpc/config_insecure.toml b/integration/fixtures/grpc/config_insecure.toml index 417ebdd22..997a23c5b 100644 --- a/integration/fixtures/grpc/config_insecure.toml +++ b/integration/fixtures/grpc/config_insecure.toml @@ -13,6 +13,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/grpc/config_retry.toml b/integration/fixtures/grpc/config_retry.toml index dfd316ea5..e3d5efe99 100644 --- a/integration/fixtures/grpc/config_retry.toml +++ b/integration/fixtures/grpc/config_retry.toml @@ -13,6 +13,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/healthcheck/multiple-entrypoints.toml b/integration/fixtures/healthcheck/multiple-entrypoints.toml index 3c1d60f3c..12bab7274 100644 --- a/integration/fixtures/healthcheck/multiple-entrypoints.toml +++ b/integration/fixtures/healthcheck/multiple-entrypoints.toml @@ -12,6 +12,7 @@ address = ":9000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/healthcheck/port_overload.toml b/integration/fixtures/healthcheck/port_overload.toml index 40b24391b..eb7accedd 100644 --- a/integration/fixtures/healthcheck/port_overload.toml +++ b/integration/fixtures/healthcheck/port_overload.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/healthcheck/simple.toml b/integration/fixtures/healthcheck/simple.toml index 92bc1e4d7..a2338a8b0 100644 --- a/integration/fixtures/healthcheck/simple.toml +++ b/integration/fixtures/healthcheck/simple.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
diff --git a/integration/fixtures/https/clientca/https_1ca1config.toml b/integration/fixtures/https/clientca/https_1ca1config.toml index f52896e55..951fa703d 100644 --- a/integration/fixtures/https/clientca/https_1ca1config.toml +++ b/integration/fixtures/https/clientca/https_1ca1config.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/clientca/https_2ca1config.toml b/integration/fixtures/https/clientca/https_2ca1config.toml index 948374c04..1ccc98954 100644 --- a/integration/fixtures/https/clientca/https_2ca1config.toml +++ b/integration/fixtures/https/clientca/https_2ca1config.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/clientca/https_2ca2config.toml b/integration/fixtures/https/clientca/https_2ca2config.toml index 5757ac602..43725bcb2 100644 --- a/integration/fixtures/https/clientca/https_2ca2config.toml +++ b/integration/fixtures/https/clientca/https_2ca2config.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/dynamic_https_sni.toml b/integration/fixtures/https/dynamic_https_sni.toml index 2a7ff45fa..20b82c0dd 100644 --- a/integration/fixtures/https/dynamic_https_sni.toml +++ b/integration/fixtures/https/dynamic_https_sni.toml @@ -13,6 +13,7 @@ address = ":8443" [api] + insecure = true [providers] [providers.file] diff --git a/integration/fixtures/https/dynamic_https_sni_default_cert.toml b/integration/fixtures/https/dynamic_https_sni_default_cert.toml index 05f3c1b6d..d8e6f8d45 100644 --- a/integration/fixtures/https/dynamic_https_sni_default_cert.toml +++ b/integration/fixtures/https/dynamic_https_sni_default_cert.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
diff --git a/integration/fixtures/https/https_redirect.toml b/integration/fixtures/https/https_redirect.toml index 3147488c4..6ee48d0ca 100644 --- a/integration/fixtures/https/https_redirect.toml +++ b/integration/fixtures/https/https_redirect.toml @@ -13,6 +13,7 @@ address = ":8443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/https_sni.toml b/integration/fixtures/https/https_sni.toml index c5212af6a..a847d3de0 100644 --- a/integration/fixtures/https/https_sni.toml +++ b/integration/fixtures/https/https_sni.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml b/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml index 614a54ee1..9e63fff4b 100644 --- a/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml +++ b/integration/fixtures/https/https_sni_case_insensitive_dynamic.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/https_sni_default_cert.toml b/integration/fixtures/https/https_sni_default_cert.toml index 05f3c1b6d..d8e6f8d45 100644 --- a/integration/fixtures/https/https_sni_default_cert.toml +++ b/integration/fixtures/https/https_sni_default_cert.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/https_sni_strict.toml b/integration/fixtures/https/https_sni_strict.toml index 9ada0a5e6..09f442c00 100644 --- a/integration/fixtures/https/https_sni_strict.toml +++ b/integration/fixtures/https/https_sni_strict.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
diff --git a/integration/fixtures/https/https_tls_options.toml b/integration/fixtures/https/https_tls_options.toml index 4e7dfde43..9bd67c277 100644 --- a/integration/fixtures/https/https_tls_options.toml +++ b/integration/fixtures/https/https_tls_options.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/rootcas/https.toml b/integration/fixtures/https/rootcas/https.toml index 54b502faa..2525c7473 100644 --- a/integration/fixtures/https/rootcas/https.toml +++ b/integration/fixtures/https/rootcas/https.toml @@ -29,6 +29,7 @@ fblo6RBxUQ== address = ":8081" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/https/rootcas/https_with_file.toml b/integration/fixtures/https/rootcas/https_with_file.toml index 21e957df8..62a79ac11 100644 --- a/integration/fixtures/https/rootcas/https_with_file.toml +++ b/integration/fixtures/https/rootcas/https_with_file.toml @@ -14,6 +14,7 @@ address = ":8081" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/k8s_crd.toml b/integration/fixtures/k8s_crd.toml index 21bfa9855..891e3f13e 100644 --- a/integration/fixtures/k8s_crd.toml +++ b/integration/fixtures/k8s_crd.toml @@ -6,6 +6,7 @@ level = "DEBUG" [api] + insecure = true [entryPoints] [entryPoints.footcp] diff --git a/integration/fixtures/k8s_default.toml b/integration/fixtures/k8s_default.toml index 2b39f0f65..ede432aed 100644 --- a/integration/fixtures/k8s_default.toml +++ b/integration/fixtures/k8s_default.toml @@ -3,6 +3,7 @@ sendAnonymousUsage = false [api] + insecure = true [log] level = "DEBUG" diff --git a/integration/fixtures/marathon/simple.toml b/integration/fixtures/marathon/simple.toml index 81082bfe4..f8b4e7266 100644 --- a/integration/fixtures/marathon/simple.toml +++ b/integration/fixtures/marathon/simple.toml 
@@ -12,6 +12,7 @@ address = ":9090" [api] + insecure = true [providers] [providers.marathon] diff --git a/integration/fixtures/mirror.toml b/integration/fixtures/mirror.toml index a5a07cce8..9448eec7a 100644 --- a/integration/fixtures/mirror.toml +++ b/integration/fixtures/mirror.toml @@ -3,6 +3,7 @@ sendAnonymousUsage = false [api] + insecure = true [log] level = "DEBUG" diff --git a/integration/fixtures/multiple_provider.toml b/integration/fixtures/multiple_provider.toml index 0ac809de2..e5f972d38 100644 --- a/integration/fixtures/multiple_provider.toml +++ b/integration/fixtures/multiple_provider.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/multiprovider.toml b/integration/fixtures/multiprovider.toml index 23c0161ae..bc59d7fab 100644 --- a/integration/fixtures/multiprovider.toml +++ b/integration/fixtures/multiprovider.toml @@ -6,6 +6,7 @@ level = "DEBUG" [api] + insecure = true [entryPoints] [entryPoints.web] @@ -13,6 +14,7 @@ [providers] [providers.rest] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/proxy-protocol/with.toml b/integration/fixtures/proxy-protocol/with.toml index f16361986..c47e97dc5 100644 --- a/integration/fixtures/proxy-protocol/with.toml +++ b/integration/fixtures/proxy-protocol/with.toml @@ -12,6 +12,7 @@ trustedIPs = ["{{.HaproxyIP}}"] [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/proxy-protocol/without.toml b/integration/fixtures/proxy-protocol/without.toml index ef95ca5c7..71b982486 100644 --- a/integration/fixtures/proxy-protocol/without.toml +++ b/integration/fixtures/proxy-protocol/without.toml @@ -12,6 +12,7 @@ trustedIPs = ["1.2.3.4"] [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
diff --git a/integration/fixtures/ratelimit/simple.toml b/integration/fixtures/ratelimit/simple.toml index 7bdb5a367..aed8d0293 100644 --- a/integration/fixtures/ratelimit/simple.toml +++ b/integration/fixtures/ratelimit/simple.toml @@ -3,6 +3,7 @@ sendAnonymousUsage = false [api] + insecure = true [log] level = "DEBUG" diff --git a/integration/fixtures/rest/simple.toml b/integration/fixtures/rest/simple.toml index 575c6e2e4..8bf7ff14c 100644 --- a/integration/fixtures/rest/simple.toml +++ b/integration/fixtures/rest/simple.toml @@ -10,6 +10,8 @@ address = ":8000" [api] + insecure = true [providers] [providers.rest] + insecure = true diff --git a/integration/fixtures/rest/simple_secure.toml b/integration/fixtures/rest/simple_secure.toml new file mode 100644 index 000000000..312c8f628 --- /dev/null +++ b/integration/fixtures/rest/simple_secure.toml @@ -0,0 +1,27 @@ +[global] + checkNewVersion = false + sendAnonymousUsage = false + +[log] + level = "DEBUG" + +[entryPoints] + [entryPoints.web] + address = ":8000" + +[api] + insecure = true + +[providers.rest] + +[providers.file] + filename = "{{ .SelfFilename }}" + +[http.routers.rest] + rule="PathPrefix(`/secure`)" + service="rest@internal" + middlewares=["strip"] + +[http.middlewares.strip.stripPrefix] + prefixes = [ "/secure" ] + diff --git a/integration/fixtures/retry/simple.toml b/integration/fixtures/retry/simple.toml index fea2a4a60..c9e287ae3 100644 --- a/integration/fixtures/retry/simple.toml +++ b/integration/fixtures/retry/simple.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/router_errors.toml b/integration/fixtures/router_errors.toml index 3e9a75f29..db9429e3c 100644 --- a/integration/fixtures/router_errors.toml +++ b/integration/fixtures/router_errors.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
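Review bot: In the new `integration/fixtures/rest/simple_secure.toml`, `[http.routers.rest]` forwards the `/secure` prefix to `rest@internal` with only the `strip` middleware and no `entryPoints`, so the fixture named "secure" still takes configuration writes from any client that can reach the router. If a router without `entryPoints` attaches to every entry point (I believe that is the default; it is not visible in this patch), the write endpoint also answers under `/secure` on `:8080`, which `TestSimpleConfiguration` never checks. I would pin the router with `entryPoints = ["web"]` and add a header comment such as `# "secure" = served through a router rather than the traefik entryPoint; this router carries no authentication`. The new `integration/fixtures/simple_secure_api.toml` has the same shape for `api@internal`, and `TestSecureAPI` likewise only asserts a 404 for `/api/rawdata` on `:8080`, not for `/secure/api/rawdata`.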
diff --git a/integration/fixtures/service_errors.toml b/integration/fixtures/service_errors.toml index 3bdc495bb..cb0997a83 100644 --- a/integration/fixtures/service_errors.toml +++ b/integration/fixtures/service_errors.toml @@ -10,6 +10,7 @@ address = ":4443" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/simple_auth.toml b/integration/fixtures/simple_auth.toml index 51476e428..1edc7ea6b 100644 --- a/integration/fixtures/simple_auth.toml +++ b/integration/fixtures/simple_auth.toml @@ -13,6 +13,7 @@ address = ":8001" [api] + insecure = true middlewares = ["authentication@file"] [ping] diff --git a/integration/fixtures/simple_hostresolver.toml b/integration/fixtures/simple_hostresolver.toml index 77627f89b..01789610a 100644 --- a/integration/fixtures/simple_hostresolver.toml +++ b/integration/fixtures/simple_hostresolver.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/simple_secure_api.toml b/integration/fixtures/simple_secure_api.toml new file mode 100644 index 000000000..f10759fbf --- /dev/null +++ b/integration/fixtures/simple_secure_api.toml @@ -0,0 +1,25 @@ +[global] + checkNewVersion = false + sendAnonymousUsage = false + +[entryPoints] + [entryPoints.web] + address = ":8000" + + [entryPoints.traefik] + address = ":8080" + + +[api] + +[providers.file] + filename = "{{ .SelfFilename }}" + +[http.routers.api] + rule="PathPrefix(`/secure`)" + service="api@internal" + middlewares=["strip"] + +[http.middlewares.strip.stripPrefix] + prefixes = [ "/secure" ] + diff --git a/integration/fixtures/simple_stats.toml b/integration/fixtures/simple_stats.toml index 4283299db..eeb4c2533 100644 --- a/integration/fixtures/simple_stats.toml +++ b/integration/fixtures/simple_stats.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" 
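Review bot: In `integration/fixtures/simple_auth.toml` the `[api]` table now has `insecure = true` directly above `middlewares = ["authentication@file"]`, and the two keys contradict each other. The `API` struct as shown in this patch's `static_config.go` hunk lists `Insecure`, `Dashboard` and `Debug`, and the aggregator no longer receives a chain builder, so the `middlewares` key is probably ignored and the API on the `traefik` entry point is served without the authentication the fixture name suggests; the rest of the struct is outside the hunk, so this needs confirming. If the test behind this fixture is meant to exercise authentication, drop `insecure = true` and route `api@internal` through a router that carries `authentication@file`; otherwise remove the stale `middlewares` line.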
diff --git a/integration/fixtures/simple_web.toml b/integration/fixtures/simple_web.toml index 8751d9479..1d17ccb57 100644 --- a/integration/fixtures/simple_web.toml +++ b/integration/fixtures/simple_web.toml @@ -10,3 +10,4 @@ address = ":8000" [api] + insecure = true diff --git a/integration/fixtures/simple_whitelist.toml b/integration/fixtures/simple_whitelist.toml index bef0e455d..03fa451e4 100644 --- a/integration/fixtures/simple_whitelist.toml +++ b/integration/fixtures/simple_whitelist.toml @@ -9,9 +9,10 @@ [entryPoints.web] address = ":8000" [entryPoints.web.ForwardedHeaders] - insecure=true + insecure = true [api] + insecure = true [providers] [providers.docker] diff --git a/integration/fixtures/tcp/catch-all-no-tls-with-https.toml b/integration/fixtures/tcp/catch-all-no-tls-with-https.toml index cc65bda34..1f9a18aaa 100644 --- a/integration/fixtures/tcp/catch-all-no-tls-with-https.toml +++ b/integration/fixtures/tcp/catch-all-no-tls-with-https.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tcp/catch-all-no-tls.toml b/integration/fixtures/tcp/catch-all-no-tls.toml index 0132822ee..3e79f8f79 100644 --- a/integration/fixtures/tcp/catch-all-no-tls.toml +++ b/integration/fixtures/tcp/catch-all-no-tls.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tcp/mixed.toml b/integration/fixtures/tcp/mixed.toml index e673276ad..ef25965ec 100644 --- a/integration/fixtures/tcp/mixed.toml +++ b/integration/fixtures/tcp/mixed.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tcp/multi-tls-options.toml b/integration/fixtures/tcp/multi-tls-options.toml index b36dae76a..1dee6c285 100644 --- a/integration/fixtures/tcp/multi-tls-options.toml 
+++ b/integration/fixtures/tcp/multi-tls-options.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tcp/non-tls-fallback.toml b/integration/fixtures/tcp/non-tls-fallback.toml index 45ff3caa7..ed15f1072 100644 --- a/integration/fixtures/tcp/non-tls-fallback.toml +++ b/integration/fixtures/tcp/non-tls-fallback.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tcp/non-tls.toml b/integration/fixtures/tcp/non-tls.toml index 6c7acf6df..37b840825 100644 --- a/integration/fixtures/tcp/non-tls.toml +++ b/integration/fixtures/tcp/non-tls.toml @@ -10,6 +10,7 @@ address = ":8093" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/timeout/forwarding_timeouts.toml b/integration/fixtures/timeout/forwarding_timeouts.toml index 9df89a175..0dc5d4933 100644 --- a/integration/fixtures/timeout/forwarding_timeouts.toml +++ b/integration/fixtures/timeout/forwarding_timeouts.toml @@ -17,6 +17,7 @@ format = "json" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/timeout/keepalive.toml b/integration/fixtures/timeout/keepalive.toml index 4a8924362..f3d7c3df7 100644 --- a/integration/fixtures/timeout/keepalive.toml +++ b/integration/fixtures/timeout/keepalive.toml @@ -13,6 +13,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/tlsclientheaders/simple.toml b/integration/fixtures/tlsclientheaders/simple.toml index 5e6af461d..207ad6006 100644 --- a/integration/fixtures/tlsclientheaders/simple.toml +++ b/integration/fixtures/tlsclientheaders/simple.toml @@ -13,6 +13,7 @@ address = ":8443" [api] + insecure = true [providers] [providers.docker] 
diff --git a/integration/fixtures/tracing/simple-jaeger-collector.toml b/integration/fixtures/tracing/simple-jaeger-collector.toml index 559f9a149..d10d5b914 100644 --- a/integration/fixtures/tracing/simple-jaeger-collector.toml +++ b/integration/fixtures/tracing/simple-jaeger-collector.toml @@ -6,6 +6,7 @@ level = "DEBUG" [api] + insecure = true [entryPoints] [entryPoints.web] diff --git a/integration/fixtures/tracing/simple-jaeger.toml b/integration/fixtures/tracing/simple-jaeger.toml index 6f5e7da3a..fea514f79 100644 --- a/integration/fixtures/tracing/simple-jaeger.toml +++ b/integration/fixtures/tracing/simple-jaeger.toml @@ -6,6 +6,7 @@ level = "DEBUG" [api] + insecure = true [entryPoints] [entryPoints.web] diff --git a/integration/fixtures/tracing/simple-zipkin.toml b/integration/fixtures/tracing/simple-zipkin.toml index c5bc9d143..43842b70e 100644 --- a/integration/fixtures/tracing/simple-zipkin.toml +++ b/integration/fixtures/tracing/simple-zipkin.toml @@ -6,6 +6,7 @@ level = "DEBUG" [api] + insecure = true [entryPoints] [entryPoints.web] diff --git a/integration/fixtures/traefik_log_config.toml b/integration/fixtures/traefik_log_config.toml index e7b077c61..3ca5cc771 100644 --- a/integration/fixtures/traefik_log_config.toml +++ b/integration/fixtures/traefik_log_config.toml @@ -14,6 +14,7 @@ address = ":8000" [api] + insecure = true dashboard = false [providers] diff --git a/integration/fixtures/websocket/config.toml b/integration/fixtures/websocket/config.toml index 3e357c057..83a499ce7 100644 --- a/integration/fixtures/websocket/config.toml +++ b/integration/fixtures/websocket/config.toml @@ -10,6 +10,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/websocket/config_https.toml b/integration/fixtures/websocket/config_https.toml index c878e1ef3..91549eeaa 100644 --- a/integration/fixtures/websocket/config_https.toml +++ b/integration/fixtures/websocket/config_https.toml 
@@ -13,6 +13,7 @@ address = ":8000" [api] + insecure = true [providers.file] filename = "{{ .SelfFilename }}" diff --git a/integration/fixtures/wrr.toml b/integration/fixtures/wrr.toml index ad63ceb0d..67c6801fc 100644 --- a/integration/fixtures/wrr.toml +++ b/integration/fixtures/wrr.toml @@ -3,6 +3,7 @@ sendAnonymousUsage = false [api] + insecure = true [log] level = "DEBUG" diff --git a/integration/fixtures/wrr_sticky.toml b/integration/fixtures/wrr_sticky.toml index 4181dde54..0d63558c5 100644 --- a/integration/fixtures/wrr_sticky.toml +++ b/integration/fixtures/wrr_sticky.toml @@ -3,6 +3,7 @@ sendAnonymousUsage = false [api] + insecure = true [log] level = "DEBUG" diff --git a/integration/rest_test.go b/integration/rest_test.go index 692542c9f..d87092571 100644 --- a/integration/rest_test.go +++ b/integration/rest_test.go @@ -4,6 +4,8 @@ import ( "bytes" "encoding/json" "net/http" + "os" + "strings" "time" "github.com/containous/traefik/v2/integration/try" @@ -20,7 +22,7 @@ func (s *RestSuite) SetUpSuite(c *check.C) { s.composeProject.Start(c) } -func (s *RestSuite) TestSimpleConfiguration(c *check.C) { +func (s *RestSuite) TestSimpleConfigurationInsecure(c *check.C) { cmd, display := s.traefikCmd(withConfigFile("fixtures/rest/simple.toml")) defer display(c) 
@@ -110,3 +112,107 @@ func (s *RestSuite) TestSimpleConfiguration(c *check.C) { c.Assert(err, checker.IsNil) } } + +func (s *RestSuite) TestSimpleConfiguration(c *check.C) { + file := s.adaptFile(c, "fixtures/rest/simple_secure.toml", struct{}{}) + defer os.Remove(file) + + cmd, display := s.traefikCmd(withConfigFile(file)) + + defer display(c) + err := cmd.Start() + c.Assert(err, checker.IsNil) + defer cmd.Process.Kill() + + // Expected a 404 as we did not configure anything. + err = try.GetRequest("http://127.0.0.1:8000/", 1000*time.Millisecond, try.StatusCodeIs(http.StatusNotFound)) + c.Assert(err, checker.IsNil) + + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 2000*time.Millisecond, try.BodyContains("PathPrefix(`/secure`)")) + c.Assert(err, checker.IsNil) + + request, err := http.NewRequest(http.MethodPut, "http://127.0.0.1:8080/api/providers/rest", strings.NewReader("{}")) + c.Assert(err, checker.IsNil) + + response, err := http.DefaultClient.Do(request) + c.Assert(err, checker.IsNil) + c.Assert(response.StatusCode, checker.Equals, http.StatusNotFound) + + testCase := []struct { + desc string + config *dynamic.Configuration + ruleMatch string + }{ + { + desc: "deploy http configuration", + config: &dynamic.Configuration{ + HTTP: &dynamic.HTTPConfiguration{ + Routers: map[string]*dynamic.Router{ + "router1": { + EntryPoints: []string{"web"}, + Middlewares: []string{}, + Service: "service1", + Rule: "PathPrefix(`/`)", + }, + }, + Services: map[string]*dynamic.Service{ + "service1": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + Servers: []dynamic.Server{ + { + URL: "http://" + s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress + ":80", + }, + }, + }, + }, + }, + }, + }, + ruleMatch: "PathPrefix(`/`)", + }, + { + desc: "deploy tcp configuration", + config: &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "router1": { + EntryPoints: []string{"web"}, + Service: "service1", + Rule: 
"HostSNI(`*`)", + }, + }, + Services: map[string]*dynamic.TCPService{ + "service1": { + LoadBalancer: &dynamic.TCPLoadBalancerService{ + Servers: []dynamic.TCPServer{ + { + Address: s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress + ":80", + }, + }, + }, + }, + }, + }, + }, + ruleMatch: "HostSNI(`*`)", + }, + } + + for _, test := range testCase { + json, err := json.Marshal(test.config) + c.Assert(err, checker.IsNil) + + request, err := http.NewRequest(http.MethodPut, "http://127.0.0.1:8000/secure/api/providers/rest", bytes.NewReader(json)) + c.Assert(err, checker.IsNil) + + response, err := http.DefaultClient.Do(request) + c.Assert(err, checker.IsNil) + c.Assert(response.StatusCode, checker.Equals, http.StatusOK) + + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1000*time.Millisecond, try.BodyContains(test.ruleMatch)) + c.Assert(err, checker.IsNil) + + err = try.GetRequest("http://127.0.0.1:8000/", 1000*time.Millisecond, try.StatusCodeIs(http.StatusOK)) + c.Assert(err, checker.IsNil) + } +} diff --git a/integration/simple_test.go b/integration/simple_test.go index b95151295..3fb721287 100644 --- a/integration/simple_test.go +++ b/integration/simple_test.go 
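Review bot: Neither `response` returned by `http.DefaultClient.Do(request)` in the new `TestSimpleConfiguration` is closed, once before the table and once per loop iteration, and `http.DefaultClient` has no timeout, so a hung Traefik process stalls the suite instead of failing it. Call `response.Body.Close()` right after each status assertion (a `defer` inside the loop would only run when the function returns) and issue the requests through a client with a deadline, for example `client := &http.Client{Timeout: 5 * time.Second}`. Separately, `json, err := json.Marshal(test.config)` shadows the `encoding/json` package for the rest of the loop body; a name such as `data` avoids that.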
@@ -161,33 +161,6 @@ func (s *SimpleSuite) TestRequestAcceptGraceTimeout(c *check.C) { } } -func (s *SimpleSuite) TestApiOnSameEntryPoint(c *check.C) { - c.Skip("Waiting for new api handler implementation") - s.createComposeProject(c, "base") - s.composeProject.Start(c) - - cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--api.entryPoint=http", "--log.level=DEBUG", "--providers.docker") - defer output(c) - - err := cmd.Start() - c.Assert(err, checker.IsNil) - defer cmd.Process.Kill() - - // TODO validate : run on 80 - // Expected a 404 as we did not configure anything - err = try.GetRequest("http://127.0.0.1:8000/test", 1*time.Second, try.StatusCodeIs(http.StatusNotFound)) - c.Assert(err, checker.IsNil) - - err = try.GetRequest("http://127.0.0.1:8000/api/rawdata", 1*time.Second, try.StatusCodeIs(http.StatusOK)) - c.Assert(err, checker.IsNil) - - err = try.GetRequest("http://127.0.0.1:8000/api/rawdata", 1*time.Second, try.BodyContains("PathPrefix")) - c.Assert(err, checker.IsNil) - - err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK)) - c.Assert(err, checker.IsNil) -} - func (s *SimpleSuite) TestStatsWithMultipleEntryPoint(c *check.C) { c.Skip("Stats is missing") s.createComposeProject(c, "stats") @@ -250,7 +223,7 @@ func (s *SimpleSuite) TestDefaultEntryPointHTTP(c *check.C) { s.createComposeProject(c, "base") s.composeProject.Start(c) - cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--log.level=DEBUG", "--providers.docker", "--api") + cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--log.level=DEBUG", "--providers.docker", "--api.insecure") defer output(c) err := cmd.Start() 
@@ -268,7 +241,7 @@ func (s *SimpleSuite) TestWithNonExistingEntryPoint(c *check.C) { s.createComposeProject(c, "base") s.composeProject.Start(c) - cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--log.level=DEBUG", "--providers.docker", "--api") + cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--log.level=DEBUG", "--providers.docker", "--api.insecure") defer output(c) err := cmd.Start() @@ -286,7 +259,7 @@ func (s *SimpleSuite) TestMetricsPrometheusDefaultEntryPoint(c *check.C) { s.createComposeProject(c, "base") s.composeProject.Start(c) - cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--api", "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0", "--providers.docker", "--log.level=DEBUG") + cmd, output := s.traefikCmd("--entryPoints.http.Address=:8000", "--api.insecure", "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0", "--providers.docker", "--log.level=DEBUG") defer output(c) err := cmd.Start() @@ -785,3 +758,27 @@ func (s *SimpleSuite) TestMirrorCanceled(c *check.C) { c.Assert(val1, checker.Equals, int32(0)) c.Assert(val2, checker.Equals, int32(0)) } + +func (s *SimpleSuite) TestSecureAPI(c *check.C) { + s.createComposeProject(c, "base") + s.composeProject.Start(c) + + file := s.adaptFile(c, "./fixtures/simple_secure_api.toml", struct{}{}) + defer os.Remove(file) + + cmd, output := s.traefikCmd(withConfigFile(file)) + defer output(c) + + err := cmd.Start() + c.Assert(err, checker.IsNil) + defer cmd.Process.Kill() + + err = try.GetRequest("http://127.0.0.1:8000/secure/api/rawdata", 1*time.Second, try.StatusCodeIs(http.StatusOK)) + c.Assert(err, checker.IsNil) + + err = try.GetRequest("http://127.0.0.1:8000/api/rawdata", 1*time.Second, try.StatusCodeIs(http.StatusNotFound)) + c.Assert(err, checker.IsNil) + + err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.StatusCodeIs(http.StatusNotFound)) + c.Assert(err, checker.IsNil) +} 
diff --git a/pkg/api/handler.go b/pkg/api/handler.go index 4b707c568..87f844c6c 100644 --- a/pkg/api/handler.go +++ b/pkg/api/handler.go @@ -55,6 +55,15 @@ type Handler struct { dashboardAssets *assetfs.AssetFS } +// NewBuilder returns a http.Handler builder based on runtime.Configuration +func NewBuilder(staticConfig static.Configuration) func(*runtime.Configuration) http.Handler { + return func(configuration *runtime.Configuration) http.Handler { + router := mux.NewRouter() + New(staticConfig, configuration).Append(router) + return router + } +} + // New returns a Handler defined by staticConfig, and if provided, by runtimeConfig. // It finishes populating the information provided in the runtimeConfig. func New(staticConfig static.Configuration, runtimeConfig *runtime.Configuration) *Handler { diff --git a/pkg/config/static/static_config.go b/pkg/config/static/static_config.go index 3dcf771a9..f7caa20cc 100644 --- a/pkg/config/static/static_config.go +++ b/pkg/config/static/static_config.go @@ -85,6 +85,7 @@ type ServersTransport struct { // API holds the API configuration type API struct { + Insecure bool `description:"Activate API directly on the entryPoint named traefik." json:"insecure,omitempty" toml:"insecure,omitempty" yaml:"insecure,omitempty" export:"true"` Dashboard bool `description:"Activate dashboard." json:"dashboard,omitempty" toml:"dashboard,omitempty" yaml:"dashboard,omitempty" export:"true"` Debug bool `description:"Enable additional endpoints for debugging and profiling." json:"debug,omitempty" toml:"debug,omitempty" yaml:"debug,omitempty" export:"true"` // TODO: Re-enable statistics 
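Review bot: The doc comment on `NewBuilder` in `pkg/api/handler.go` does not say that the handler it builds has no access control of its own. It mounts `New(staticConfig, configuration).Append(router)` on a bare `mux.NewRouter()`, and `NewServer` in this patch creates it whenever `staticConfiguration.API` is non-nil, whatever the value of `Insecure`, so protection rests entirely on the middlewares of the router that points at it. I would extend the comment to `// NewBuilder returns a builder for the API http.Handler. The handler performs no authentication; the router exposing it must add it.` The same holds for `Provider.Handler` in `pkg/provider/rest/rest.go`, which wraps the endpoint the integration test uses to PUT a new dynamic configuration.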
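Review bot: The `description` tag on the new `API.Insecure` field, `Activate API directly on the entryPoint named traefik.`, does not tell an operator what is insecure about the option, and this string is what the generated CLI and environment references show. Judging by the aggregator hunk, the API appender is added straight to the internal router with no middleware chain, so I would spell that out: `description:"Activate API directly on the entryPoint named traefik, without authentication or any other middleware."`. `Provider.Insecure` in `pkg/provider/rest/rest.go` has the same wording and deserves the same clarification, since that endpoint accepts configuration writes.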
@@ -173,9 +174,9 @@ func (c *Configuration) SetEffectiveConfiguration() { } } - if (c.API != nil) || - (c.Ping != nil) || - (c.Metrics != nil && c.Metrics.Prometheus != nil) || + if (c.API != nil && c.API.Insecure) || + (c.Ping != nil && c.Ping.EntryPoint == DefaultInternalEntryPointName) || + (c.Metrics != nil && c.Metrics.Prometheus != nil && c.Metrics.Prometheus.EntryPoint == DefaultInternalEntryPointName) || (c.Providers.Rest != nil) { if _, ok := c.EntryPoints[DefaultInternalEntryPointName]; !ok { ep := &EntryPoint{Address: ":8080"} diff --git a/pkg/ping/ping.go b/pkg/ping/ping.go index 44383d8bc..e839aa6c3 100644 --- a/pkg/ping/ping.go +++ b/pkg/ping/ping.go @@ -10,11 +10,13 @@ import ( // Handler expose ping routes. type Handler struct { + EntryPoint string `description:"EntryPoint" export:"true" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty"` terminating bool } // SetDefaults sets the default values. func (h *Handler) SetDefaults() { + h.EntryPoint = "traefik" } // WithContext causes the ping endpoint to serve non 200 responses. diff --git a/pkg/provider/rest/rest.go b/pkg/provider/rest/rest.go index 8c3c082a6..ed62466de 100644 --- a/pkg/provider/rest/rest.go +++ b/pkg/provider/rest/rest.go @@ -18,6 +18,7 @@ var _ provider.Provider = (*Provider)(nil) // Provider is a provider.Provider implementation that provides a Rest API. type Provider struct { + Insecure bool `description:"Activate REST Provider directly on the entryPoint named traefik." json:"insecure,omitempty" toml:"insecure,omitempty" yaml:"insecure,omitempty" export:"true"` configurationChan chan<- dynamic.Message } @@ -32,6 +33,13 @@ func (p *Provider) Init() error { return nil } +// Handler creates an http.Handler for the Rest API +func (p *Provider) Handler() http.Handler { + router := mux.NewRouter() + p.Append(router) + return router +} + // Append add rest provider routes on a router. func (p *Provider) Append(systemRouter *mux.Router) { systemRouter. 
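Review bot: The last operand of the condition in `SetEffectiveConfiguration` is still `(c.Providers.Rest != nil)`, so enabling the REST provider without `insecure` keeps creating the default `traefik` entry point on `:8080`, unlike the API, Ping and Prometheus operands that this hunk tightened. That leaves an extra listener open in the routed setup even though the REST appender is no longer attached to it. I would change it to `(c.Providers != nil && c.Providers.Rest != nil && c.Providers.Rest.Insecure)`; the `c.Providers` nil check mirrors the one in `NewRouteAppenderAggregator`, and whether it can be nil at this point is not visible because the function starts outside the hunk.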
diff --git a/pkg/server/router/route_appender_aggregator.go b/pkg/server/router/route_appender_aggregator.go index 71702a6d6..410b7820d 100644 --- a/pkg/server/router/route_appender_aggregator.go +++ b/pkg/server/router/route_appender_aggregator.go @@ -19,30 +19,30 @@ type chainBuilder interface { } // NewRouteAppenderAggregator Creates a new RouteAppenderAggregator -func NewRouteAppenderAggregator(ctx context.Context, chainBuilder chainBuilder, conf static.Configuration, +func NewRouteAppenderAggregator(ctx context.Context, conf static.Configuration, entryPointName string, runtimeConfiguration *runtime.Configuration) *RouteAppenderAggregator { aggregator := &RouteAppenderAggregator{} + if conf.Ping != nil && conf.Ping.EntryPoint == entryPointName { + aggregator.AddAppender(conf.Ping) + } + + if conf.Metrics != nil && conf.Metrics.Prometheus != nil && conf.Metrics.Prometheus.EntryPoint == entryPointName { + aggregator.AddAppender(metrics.PrometheusHandler{}) + } + if entryPointName != "traefik" { return aggregator } - if conf.Providers != nil && conf.Providers.Rest != nil { + if conf.Providers != nil && conf.Providers.Rest != nil && conf.Providers.Rest.Insecure { aggregator.AddAppender(conf.Providers.Rest) } - if conf.API != nil { + if conf.API != nil && conf.API.Insecure { aggregator.AddAppender(api.New(conf, runtimeConfiguration)) } - if conf.Ping != nil { - aggregator.AddAppender(conf.Ping) - } - - if conf.Metrics != nil && conf.Metrics.Prometheus != nil { - aggregator.AddAppender(metrics.PrometheusHandler{}) - } - return aggregator } diff --git a/pkg/server/router/route_appender_aggregator_test.go b/pkg/server/router/route_appender_aggregator_test.go index ffc9c9d6f..bfa27ae58 100644 --- a/pkg/server/router/route_appender_aggregator_test.go +++ b/pkg/server/router/route_appender_aggregator_test.go 
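Review bot: `NewRouteAppenderAggregator` no longer takes a `chainBuilder`, yet the `chainBuilder` interface declared just above it (visible as context at the top of the hunk) is kept; unless something else in the package still uses it, it is dead code and can go. The guard `if entryPointName != "traefik"` also repeats as a literal the name that `static_config.go` appears to hold in `DefaultInternalEntryPointName`, and since `static` is already imported here `if entryPointName != static.DefaultInternalEntryPointName {` would keep the two from drifting. Finally, the function comment could state the new rule in one line: `// Ping and Prometheus are attached to the entry point named in their EntryPoint field; REST and API only to "traefik" and only when Insecure is set.`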
@@ -6,72 +6,23 @@ import ( "net/http/httptest" "testing" - "github.com/containous/alice" "github.com/containous/traefik/v2/pkg/config/static" - "github.com/containous/traefik/v2/pkg/ping" "github.com/gorilla/mux" "github.com/stretchr/testify/assert" ) -type ChainBuilderMock struct { - middles map[string]alice.Constructor -} - -func (c *ChainBuilderMock) BuildChain(ctx context.Context, middles []string) *alice.Chain { - chain := alice.New() - - for _, mName := range middles { - if constructor, ok := c.middles[mName]; ok { - chain = chain.Append(constructor) - } - } - - return &chain -} - func TestNewRouteAppenderAggregator(t *testing.T) { - t.Skip("Waiting for new api handler implementation") testCases := []struct { desc string staticConf static.Configuration - middles map[string]alice.Constructor expected map[string]int }{ { - desc: "API with auth, ping without auth", + desc: "Secure API", staticConf: static.Configuration{ Global: &static.Global{}, - API: &static.API{ - // EntryPoint: "traefik", - // Middlewares: []string{"dumb"}, - }, - Ping: &ping.Handler{ - // EntryPoint: "traefik", - }, - EntryPoints: static.EntryPoints{ - "traefik": {}, - }, - }, - middles: map[string]alice.Constructor{ - "dumb": func(_ http.Handler) (http.Handler, error) { - return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { - w.WriteHeader(http.StatusUnauthorized) - }), nil - }, - }, - expected: map[string]int{ - "/wrong": http.StatusBadGateway, - "/ping": http.StatusOK, - // "/.well-known/acme-challenge/token": http.StatusNotFound, // FIXME - "/api/rawdata": http.StatusUnauthorized, - }, - }, - { - desc: "Wrong entrypoint name", - staticConf: static.Configuration{ - Global: &static.Global{}, - API: &static.API{ - // EntryPoint: "no", + API: &static.API{ + Insecure: false, }, EntryPoints: static.EntryPoints{ "traefik": {}, 
@@ -81,6 +32,21 @@ func TestNewRouteAppenderAggregator(t *testing.T) { "/api/providers": http.StatusBadGateway, }, }, + { + desc: "Insecure API", + staticConf: static.Configuration{ + Global: &static.Global{}, + API: &static.API{ + Insecure: true, + }, + EntryPoints: static.EntryPoints{ + "traefik": {}, + }, + }, + expected: map[string]int{ + "/api/rawdata": http.StatusOK, + }, + }, } for _, test := range testCases { @@ -88,11 +54,9 @@ func TestNewRouteAppenderAggregator(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - chainBuilder := &ChainBuilderMock{middles: test.middles} - ctx := context.Background() - router := NewRouteAppenderAggregator(ctx, chainBuilder, test.staticConf, "traefik", nil) + router := NewRouteAppenderAggregator(ctx, test.staticConf, "traefik", nil) internalMuxRouter := mux.NewRouter() router.Append(internalMuxRouter) diff --git a/pkg/server/router/route_appender_factory.go b/pkg/server/router/route_appender_factory.go index 7831e3b34..21be5d4c9 100644 --- a/pkg/server/router/route_appender_factory.go +++ b/pkg/server/router/route_appender_factory.go @@ -6,7 +6,6 @@ import ( "github.com/containous/traefik/v2/pkg/config/runtime" "github.com/containous/traefik/v2/pkg/config/static" "github.com/containous/traefik/v2/pkg/provider/acme" - "github.com/containous/traefik/v2/pkg/server/middleware" "github.com/containous/traefik/v2/pkg/types" ) 
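Review bot: The "Secure API" case in `TestNewRouteAppenderAggregator` only expects `/api/providers` to return `http.StatusBadGateway`, as far as the context lines show, and never requests `/api/rawdata`, the path the new "Insecure API" case uses to prove the API is mounted. The table would therefore still pass if `Insecure: false` left the API exposed on the `traefik` entry point. I would add `"/api/rawdata": http.StatusBadGateway,` to the secure case's `expected` map. A pair of cases for `Providers.Rest` with `Insecure` true and false would also help, because that appender is the configuration-write path and has no coverage in this table.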
@@ -27,8 +26,8 @@ type RouteAppenderFactory struct { } // NewAppender Creates a new RouteAppender -func (r *RouteAppenderFactory) NewAppender(ctx context.Context, middlewaresBuilder *middleware.Builder, runtimeConfiguration *runtime.Configuration) types.RouteAppender { - aggregator := NewRouteAppenderAggregator(ctx, middlewaresBuilder, r.staticConfiguration, r.entryPointName, runtimeConfiguration) +func (r *RouteAppenderFactory) NewAppender(ctx context.Context, runtimeConfiguration *runtime.Configuration) types.RouteAppender { + aggregator := NewRouteAppenderAggregator(ctx, r.staticConfiguration, r.entryPointName, runtimeConfiguration) for _, p := range r.acmeProvider { if p != nil && p.HTTPChallenge != nil && p.HTTPChallenge.EntryPoint == r.entryPointName { diff --git a/pkg/server/router/router_test.go b/pkg/server/router/router_test.go index 1ff4c43f4..b113d5c36 100644 --- a/pkg/server/router/router_test.go +++ b/pkg/server/router/router_test.go @@ -306,7 +306,7 @@ func TestRouterManager_Get(t *testing.T) { Middlewares: test.middlewaresConfig, }, }) - serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil) + serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil, nil, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager) responseModifierFactory := responsemodifiers.NewBuilder(rtConf.Middlewares) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, responseModifierFactory) 
@@ -407,7 +407,7 @@ func TestAccessLog(t *testing.T) { Middlewares: test.middlewaresConfig, }, }) - serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil) + serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil, nil, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager) responseModifierFactory := responsemodifiers.NewBuilder(rtConf.Middlewares) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, responseModifierFactory) @@ -693,7 +693,7 @@ func TestRuntimeConfiguration(t *testing.T) { Middlewares: test.middlewareConfig, }, }) - serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil) + serviceManager := service.NewManager(rtConf.Services, http.DefaultTransport, nil, nil, nil, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager) responseModifierFactory := responsemodifiers.NewBuilder(map[string]*runtime.MiddlewareInfo{}) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, responseModifierFactory) @@ -767,7 +767,7 @@ func BenchmarkRouterServe(b *testing.B) { Middlewares: map[string]*dynamic.Middleware{}, }, }) - serviceManager := service.NewManager(rtConf.Services, &staticTransport{res}, nil, nil) + serviceManager := service.NewManager(rtConf.Services, &staticTransport{res}, nil, nil, nil, nil) middlewaresBuilder := middleware.NewBuilder(rtConf.Middlewares, serviceManager) responseModifierFactory := responsemodifiers.NewBuilder(rtConf.Middlewares) routerManager := NewManager(rtConf, serviceManager, middlewaresBuilder, responseModifierFactory) 
@@ -808,7 +808,7 @@ func BenchmarkService(b *testing.B) { Services: serviceConfig, }, }) - serviceManager := service.NewManager(rtConf.Services, &staticTransport{res}, nil, nil) + serviceManager := service.NewManager(rtConf.Services, &staticTransport{res}, nil, nil, nil, nil) w := httptest.NewRecorder() req := testhelpers.MustNewRequest(http.MethodGet, "http://foo.bar/", nil) diff --git a/pkg/server/server.go b/pkg/server/server.go index 5a62e75c7..7a67e46f9 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -9,6 +9,7 @@ import ( "sync" "time" + "github.com/containous/traefik/v2/pkg/api" "github.com/containous/traefik/v2/pkg/config/dynamic" "github.com/containous/traefik/v2/pkg/config/runtime" "github.com/containous/traefik/v2/pkg/config/static" @@ -18,7 +19,6 @@ import ( "github.com/containous/traefik/v2/pkg/middlewares/requestdecorator" "github.com/containous/traefik/v2/pkg/provider" "github.com/containous/traefik/v2/pkg/safe" - "github.com/containous/traefik/v2/pkg/server/middleware" "github.com/containous/traefik/v2/pkg/tls" "github.com/containous/traefik/v2/pkg/tracing" "github.com/containous/traefik/v2/pkg/tracing/jaeger" @@ -44,11 +44,13 @@ type Server struct { requestDecorator *requestdecorator.RequestDecorator providersThrottleDuration time.Duration tlsManager *tls.Manager + api func(configuration *runtime.Configuration) http.Handler + restHandler http.Handler } // RouteAppenderFactory the route appender factory interface type RouteAppenderFactory interface { - NewAppender(ctx context.Context, middlewaresBuilder *middleware.Builder, runtimeConfiguration *runtime.Configuration) types.RouteAppender + NewAppender(ctx context.Context, runtimeConfiguration *runtime.Configuration) types.RouteAppender } func setupTracing(conf *static.Tracing) tracing.Backend { 
@@ -103,6 +105,14 @@ func setupTracing(conf *static.Tracing) tracing.Backend { func NewServer(staticConfiguration static.Configuration, provider provider.Provider, entryPoints TCPEntryPoints, tlsManager *tls.Manager) *Server { server := &Server{} + if staticConfiguration.API != nil { + server.api = api.NewBuilder(staticConfiguration) + } + + if staticConfiguration.Providers != nil && staticConfiguration.Providers.Rest != nil { + server.restHandler = staticConfiguration.Providers.Rest.Handler() + } + server.provider = provider server.entryPointsTCP = entryPoints server.configurationChan = make(chan dynamic.Message, 100) diff --git a/pkg/server/server_configuration.go b/pkg/server/server_configuration.go index cc9acc707..c4b703504 100644 --- a/pkg/server/server_configuration.go +++ b/pkg/server/server_configuration.go @@ -97,7 +97,12 @@ func (s *Server) createTCPRouters(ctx context.Context, configuration *runtime.Co // createHTTPHandlers returns, for the given configuration and entryPoints, the HTTP handlers for non-TLS connections, and for the TLS ones. the given configuration must not be nil. its fields will get mutated. func (s *Server) createHTTPHandlers(ctx context.Context, configuration *runtime.Configuration, entryPoints []string) (map[string]http.Handler, map[string]http.Handler) { - serviceManager := service.NewManager(configuration.Services, s.defaultRoundTripper, s.metricsRegistry, s.routinesPool) + var apiHandler http.Handler + if s.api != nil { + apiHandler = s.api(configuration) + } + + serviceManager := service.NewManager(configuration.Services, s.defaultRoundTripper, s.metricsRegistry, s.routinesPool, apiHandler, s.restHandler) middlewaresBuilder := middleware.NewBuilder(configuration.Middlewares, serviceManager) responseModifierFactory := responsemodifiers.NewBuilder(configuration.Middlewares) routerManager := router.NewManager(configuration, serviceManager, middlewaresBuilder, responseModifierFactory) 
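Review bot: In createHTTPHandlers, `s.api(configuration)` is called before the service, middleware and router managers run, while the function's own doc comment says the configuration's fields get mutated. The API handler is handed the same `*runtime.Configuration` pointer, so it presumably serves whatever the managers write into it afterwards. If that ordering is deliberate, it deserves a comment above the call, such as `// built first on purpose: the API handler keeps this pointer and reports the state the managers below fill in`. The function body continues past the end of the hunk, so whether the handler can be reached before the build finishes is not visible here.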
@@ -114,7 +119,7 @@ func (s *Server) createHTTPHandlers(ctx context.Context, configuration *runtime.
 factory := s.entryPointsTCP[entryPointName].RouteAppenderFactory
 if factory != nil {
 // FIXME remove currentConfigurations
- appender := factory.NewAppender(ctx, middlewaresBuilder, configuration)
+ appender := factory.NewAppender(ctx, configuration)
 appender.Append(internalMuxRouter)
 }
diff --git a/pkg/server/service/service.go b/pkg/server/service/service.go
index 1595d0452..1181b2584 100644
--- a/pkg/server/service/service.go
+++ b/pkg/server/service/service.go
@@ -34,7 +34,7 @@ const (
 )
 // NewManager creates a new Manager
-func NewManager(configs map[string]*runtime.ServiceInfo, defaultRoundTripper http.RoundTripper, metricsRegistry metrics.Registry, routinePool *safe.Pool) *Manager {
+func NewManager(configs map[string]*runtime.ServiceInfo, defaultRoundTripper http.RoundTripper, metricsRegistry metrics.Registry, routinePool *safe.Pool, api http.Handler, rest http.Handler) *Manager {
 return &Manager{
 routinePool: routinePool,
 metricsRegistry: metricsRegistry,
@@ -42,6 +42,8 @@ func NewManager(configs map[string]*runtime.ServiceInfo, defaultRoundTripper htt
 defaultRoundTripper: defaultRoundTripper,
 balancers: make(map[string][]healthcheck.BalancerHandler),
 configs: configs,
+ api: api,
+ rest: rest,
 }
 }
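Review bot: `NewManager` now ends in two adjacent positional `http.Handler` parameters, `api` and `rest`, so the compiler cannot catch a call that passes them in the wrong order. The updated call sites in this patch read `nil, nil, nil, nil`, which shows how little the position tells a reader. A swap would serve the REST provider's handler under the API's service name, so the doc comment should at least state the contract: `// api and rest are the handlers served for the internal API and REST services; pass nil to leave one disabled`. A small options struct with named fields would remove the ordering risk altogether, but that is a wider change than this hunk.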
@@ -53,10 +55,26 @@ type Manager struct { defaultRoundTripper http.RoundTripper balancers map[string][]healthcheck.BalancerHandler configs map[string]*runtime.ServiceInfo + api http.Handler + rest http.Handler } // BuildHTTP Creates a http.Handler for a service configuration. func (m *Manager) BuildHTTP(rootCtx context.Context, serviceName string, responseModifier func(*http.Response) error) (http.Handler, error) { + if serviceName == "api@internal" { + if m.api == nil { + return nil, errors.New("api is not enabled") + } + return m.api, nil + } + + if serviceName == "rest@internal" { + if m.rest == nil { + return nil, errors.New("rest is not enabled") + } + return m.rest, nil + } + ctx := log.With(rootCtx, log.Str(log.ServiceName, serviceName)) serviceName = internal.GetQualifiedName(ctx, serviceName) diff --git a/pkg/server/service/service_test.go b/pkg/server/service/service_test.go index c2bb707b7..9fb0edd09 100644 --- a/pkg/server/service/service_test.go +++ b/pkg/server/service/service_test.go @@ -80,7 +80,7 @@ func TestGetLoadBalancer(t *testing.T) { } func TestGetLoadBalancerServiceHandler(t *testing.T) { - sm := NewManager(nil, http.DefaultTransport, nil, nil) + sm := NewManager(nil, http.DefaultTransport, nil, nil, nil, nil) server1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("X-From", "first") @@ -332,7 +332,7 @@ func TestManager_Build(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - manager := NewManager(test.configs, http.DefaultTransport, nil, nil) + manager := NewManager(test.configs, http.DefaultTransport, nil, nil, nil, nil) ctx := context.Background() if len(test.providerName) > 0 { 
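Review bot: The two early returns added at the top of `BuildHTTP` hand `m.api` and `m.rest` to any router that names `api@internal` or `rest@internal`. Nothing in this hunk checks which provider declared that router or whether it carries an authentication middleware. Dynamic configuration can come from sources less trusted than the static file, so confirm that the restriction is enforced at router level outside this hunk, or state the requirement here: `// api@internal and rest@internal are returned as-is; access control is the responsibility of the router that references them`. The early returns also happen before `log.With` and ignore `responseModifier`, which deserves a comment if intended. Both names are bare string literals and would be safer as named constants. `BuildHTTP` continues below the hunk.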
@@ -353,7 +353,7 @@ func TestMultipleTypeOnBuildHTTP(t *testing.T) {
 Weighted: &dynamic.WeightedRoundRobin{},
 },
 },
- }, http.DefaultTransport, nil, nil)
+ }, http.DefaultTransport, nil, nil, nil, nil)
 _, err := manager.BuildHTTP(context.Background(), "test@file", nil)
 assert.Error(t, err, "cannot create service: multi-types service not supported, consider declaring two different pieces of service instead")
diff --git a/pkg/types/metrics.go b/pkg/types/metrics.go
index dc25367b7..4fcebf550 100644
--- a/pkg/types/metrics.go
+++ b/pkg/types/metrics.go
@@ -17,6 +17,7 @@ type Prometheus struct {
 Buckets []float64 `description:"Buckets for latency metrics." json:"buckets,omitempty" toml:"buckets,omitempty" yaml:"buckets,omitempty" export:"true"`
 AddEntryPointsLabels bool `description:"Enable metrics on entry points." json:"addEntryPointsLabels,omitempty" toml:"addEntryPointsLabels,omitempty" yaml:"addEntryPointsLabels,omitempty" export:"true"`
 AddServicesLabels bool `description:"Enable metrics on services." json:"addServicesLabels,omitempty" toml:"addServicesLabels,omitempty" yaml:"addServicesLabels,omitempty" export:"true"`
+ EntryPoint string `description:"EntryPoint" export:"true" json:"entryPoint,omitempty" toml:"entryPoint,omitempty" yaml:"entryPoint,omitempty"`
 }
 // SetDefaults sets the default values.
@@ -24,6 +25,7 @@ func (p *Prometheus) SetDefaults() {
 p.Buckets = []float64{0.1, 0.3, 1.2, 5}
 p.AddEntryPointsLabels = true
 p.AddServicesLabels = true
+ p.EntryPoint = "traefik"
 }
 // Datadog contains address and metrics pushing interval configuration.
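Review bot: The new `EntryPoint` field on `Prometheus` has the description `"EntryPoint"`, which only repeats the field name. This setting apparently chooses the entry point on which metrics are exposed, so the generated CLI and env reference should say that, for example `description:"Entry point on which the metrics endpoint is exposed."`. `SetDefaults` in the following hunk sets it to `"traefik"`, and that default is worth noting in the description or a comment, because it decides where the endpoint is reachable when the option is left unset. The tag order here (`export` before `json`) also differs from the three fields above it, which put `export:"true"` last.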