package docker import ( "context" "math" "strconv" "strings" "github.com/containous/traefik/log" "github.com/containous/traefik/provider" "github.com/containous/traefik/provider/label" "github.com/containous/traefik/types" "github.com/docker/go-connections/nat" ) const ( labelDockerNetwork = "traefik.docker.network" labelBackendLoadBalancerSwarm = "traefik.backend.loadbalancer.swarm" labelDockerComposeProject = "com.docker.compose.project" labelDockerComposeService = "com.docker.compose.service" ) // Specific functions func (p Provider) getFrontendName(container dockerData, idx int) string { return provider.Normalize(p.getFrontendRule(container) + "-" + strconv.Itoa(idx)) } // GetFrontendRule returns the frontend rule for the specified container, using // it's label. It returns a default one (Host) if the label is not present. func (p Provider) getFrontendRule(container dockerData) string { if value := label.GetStringValue(container.Labels, label.TraefikFrontendRule, ""); len(value) != 0 { return value } if values, err := label.GetStringMultipleStrict(container.Labels, labelDockerComposeProject, labelDockerComposeService); err == nil { return "Host:" + getSubDomain(values[labelDockerComposeService]+"."+values[labelDockerComposeProject]) + "." + p.Domain } if len(p.Domain) > 0 { return "Host:" + getSubDomain(container.ServiceName) + "." + p.Domain } return "" } func (p Provider) getIPAddress(container dockerData) string { if value := label.GetStringValue(container.Labels, labelDockerNetwork, ""); value != "" { networkSettings := container.NetworkSettings if networkSettings.Networks != nil { network := networkSettings.Networks[value] if network != nil { return network.Addr } log.Warnf("Could not find network named '%s' for container '%s'! Maybe you're missing the project's prefix in the label? Defaulting to first available network.", value, container.Name) } } if container.NetworkSettings.NetworkMode.IsHost() { if container.Node != nil { if container.Node.IPAddress != "" { return container.Node.IPAddress } } return "127.0.0.1" } if container.NetworkSettings.NetworkMode.IsContainer() { dockerClient, err := p.createClient() if err != nil { log.Warnf("Unable to get IP address for container %s, error: %s", container.Name, err) return "" } connectedContainer := container.NetworkSettings.NetworkMode.ConnectedContainer() containerInspected, err := dockerClient.ContainerInspect(context.Background(), connectedContainer) if err != nil { log.Warnf("Unable to get IP address for container %s : Failed to inspect container ID %s, error: %s", container.Name, connectedContainer, err) return "" } return p.getIPAddress(parseContainer(containerInspected)) } if p.UseBindPortIP { port := getPort(container) for netPort, portBindings := range container.NetworkSettings.Ports { if string(netPort) == port+"/TCP" || string(netPort) == port+"/UDP" { for _, p := range portBindings { return p.HostIP } } } } for _, network := range container.NetworkSettings.Networks { return network.Addr } return "" } func getBackendName(container dockerData) string { if value := label.GetStringValue(container.Labels, label.TraefikBackend, ""); len(value) != 0 { return provider.Normalize(value) } if values, err := label.GetStringMultipleStrict(container.Labels, labelDockerComposeProject, labelDockerComposeService); err == nil { return provider.Normalize(values[labelDockerComposeService] + "_" + values[labelDockerComposeProject]) } return provider.Normalize(container.ServiceName) } func getPort(container dockerData) string { if value := label.GetStringValue(container.Labels, label.TraefikPort, ""); len(value) != 0 { return value } // See iteration order in https://blog.golang.org/go-maps-in-action var ports []nat.Port for port := range container.NetworkSettings.Ports { ports = append(ports, port) } less := func(i, j nat.Port) bool { return i.Int() < j.Int() } nat.Sort(ports, less) if len(ports) > 0 { min := ports[0] return min.Port() } return "" } // Escape beginning slash "/", convert all others to dash "-", and convert underscores "_" to dash "-" func getSubDomain(name string) string { return strings.Replace(strings.Replace(strings.TrimPrefix(name, "/"), "/", "-", -1), "_", "-", -1) } func isBackendLBSwarm(container dockerData) bool { return label.GetBoolValue(container.Labels, labelBackendLoadBalancerSwarm, false) } func getMaxConn(container dockerData) *types.MaxConn { amount := label.GetInt64Value(container.Labels, label.TraefikBackendMaxConnAmount, math.MinInt64) extractorFunc := label.GetStringValue(container.Labels, label.TraefikBackendMaxConnExtractorFunc, label.DefaultBackendMaxconnExtractorFunc) if amount == math.MinInt64 || len(extractorFunc) == 0 { return nil } return &types.MaxConn{ Amount: amount, ExtractorFunc: extractorFunc, } } func getLoadBalancer(container dockerData) *types.LoadBalancer { if !label.HasPrefix(container.Labels, label.TraefikBackendLoadBalancer) { return nil } method := label.GetStringValue(container.Labels, label.TraefikBackendLoadBalancerMethod, label.DefaultBackendLoadBalancerMethod) lb := &types.LoadBalancer{ Method: method, Sticky: getSticky(container), } if label.GetBoolValue(container.Labels, label.TraefikBackendLoadBalancerStickiness, false) { cookieName := label.GetStringValue(container.Labels, label.TraefikBackendLoadBalancerStickinessCookieName, label.DefaultBackendLoadbalancerStickinessCookieName) lb.Stickiness = &types.Stickiness{CookieName: cookieName} } return lb } // TODO: Deprecated // replaced by Stickiness // Deprecated func getSticky(container dockerData) bool { if label.Has(container.Labels, label.TraefikBackendLoadBalancerSticky) { log.Warnf("Deprecated configuration found: %s. Please use %s.", label.TraefikBackendLoadBalancerSticky, label.TraefikBackendLoadBalancerStickiness) } return label.GetBoolValue(container.Labels, label.TraefikBackendLoadBalancerSticky, false) } func getCircuitBreaker(container dockerData) *types.CircuitBreaker { circuitBreaker := label.GetStringValue(container.Labels, label.TraefikBackendCircuitBreakerExpression, "") if len(circuitBreaker) == 0 { return nil } return &types.CircuitBreaker{Expression: circuitBreaker} } func getHealthCheck(container dockerData) *types.HealthCheck { path := label.GetStringValue(container.Labels, label.TraefikBackendHealthCheckPath, "") if len(path) == 0 { return nil } port := label.GetIntValue(container.Labels, label.TraefikBackendHealthCheckPort, label.DefaultBackendHealthCheckPort) interval := label.GetStringValue(container.Labels, label.TraefikBackendHealthCheckInterval, "") return &types.HealthCheck{ Path: path, Port: port, Interval: interval, } } func getBuffering(container dockerData) *types.Buffering { if !label.HasPrefix(container.Labels, label.TraefikBackendBuffering) { return nil } return &types.Buffering{ MaxRequestBodyBytes: label.GetInt64Value(container.Labels, label.TraefikBackendBufferingMaxRequestBodyBytes, 0), MaxResponseBodyBytes: label.GetInt64Value(container.Labels, label.TraefikBackendBufferingMaxResponseBodyBytes, 0), MemRequestBodyBytes: label.GetInt64Value(container.Labels, label.TraefikBackendBufferingMemRequestBodyBytes, 0), MemResponseBodyBytes: label.GetInt64Value(container.Labels, label.TraefikBackendBufferingMemResponseBodyBytes, 0), RetryExpression: label.GetStringValue(container.Labels, label.TraefikBackendBufferingRetryExpression, ""), } } func getRedirect(container dockerData) *types.Redirect { permanent := label.GetBoolValue(container.Labels, label.TraefikFrontendRedirectPermanent, false) if label.Has(container.Labels, label.TraefikFrontendRedirectEntryPoint) { return &types.Redirect{ EntryPoint: label.GetStringValue(container.Labels, label.TraefikFrontendRedirectEntryPoint, ""), Permanent: permanent, } } if label.Has(container.Labels, label.TraefikFrontendRedirectRegex) && label.Has(container.Labels, label.TraefikFrontendRedirectReplacement) { return &types.Redirect{ Regex: label.GetStringValue(container.Labels, label.TraefikFrontendRedirectRegex, ""), Replacement: label.GetStringValue(container.Labels, label.TraefikFrontendRedirectReplacement, ""), Permanent: permanent, } } return nil } func getErrorPages(container dockerData) map[string]*types.ErrorPage { prefix := label.Prefix + label.BaseFrontendErrorPage return label.ParseErrorPages(container.Labels, prefix, label.RegexpFrontendErrorPage) } func getRateLimit(container dockerData) *types.RateLimit { extractorFunc := label.GetStringValue(container.Labels, label.TraefikFrontendRateLimitExtractorFunc, "") if len(extractorFunc) == 0 { return nil } prefix := label.Prefix + label.BaseFrontendRateLimit limits := label.ParseRateSets(container.Labels, prefix, label.RegexpFrontendRateLimit) return &types.RateLimit{ ExtractorFunc: extractorFunc, RateSet: limits, } } func getHeaders(container dockerData) *types.Headers { headers := &types.Headers{ CustomRequestHeaders: label.GetMapValue(container.Labels, label.TraefikFrontendRequestHeaders), CustomResponseHeaders: label.GetMapValue(container.Labels, label.TraefikFrontendResponseHeaders), SSLProxyHeaders: label.GetMapValue(container.Labels, label.TraefikFrontendSSLProxyHeaders), AllowedHosts: label.GetSliceStringValue(container.Labels, label.TraefikFrontendAllowedHosts), HostsProxyHeaders: label.GetSliceStringValue(container.Labels, label.TraefikFrontendHostsProxyHeaders), STSSeconds: label.GetInt64Value(container.Labels, label.TraefikFrontendSTSSeconds, 0), SSLRedirect: label.GetBoolValue(container.Labels, label.TraefikFrontendSSLRedirect, false), SSLTemporaryRedirect: label.GetBoolValue(container.Labels, label.TraefikFrontendSSLTemporaryRedirect, false), STSIncludeSubdomains: label.GetBoolValue(container.Labels, label.TraefikFrontendSTSIncludeSubdomains, false), STSPreload: label.GetBoolValue(container.Labels, label.TraefikFrontendSTSPreload, false), ForceSTSHeader: label.GetBoolValue(container.Labels, label.TraefikFrontendForceSTSHeader, false), FrameDeny: label.GetBoolValue(container.Labels, label.TraefikFrontendFrameDeny, false), ContentTypeNosniff: label.GetBoolValue(container.Labels, label.TraefikFrontendContentTypeNosniff, false), BrowserXSSFilter: label.GetBoolValue(container.Labels, label.TraefikFrontendBrowserXSSFilter, false), IsDevelopment: label.GetBoolValue(container.Labels, label.TraefikFrontendIsDevelopment, false), SSLHost: label.GetStringValue(container.Labels, label.TraefikFrontendSSLHost, ""), CustomFrameOptionsValue: label.GetStringValue(container.Labels, label.TraefikFrontendCustomFrameOptionsValue, ""), ContentSecurityPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""), PublicKey: label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""), ReferrerPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""), } if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { return nil } return headers } // Deprecated func hasLoadBalancerLabel(container dockerData) bool { method := label.Has(container.Labels, label.TraefikBackendLoadBalancerMethod) sticky := label.Has(container.Labels, label.TraefikBackendLoadBalancerSticky) stickiness := label.Has(container.Labels, label.TraefikBackendLoadBalancerStickiness) cookieName := label.Has(container.Labels, label.TraefikBackendLoadBalancerStickinessCookieName) return method || sticky || stickiness || cookieName } // Deprecated func hasMaxConnLabels(container dockerData) bool { mca := label.Has(container.Labels, label.TraefikBackendMaxConnAmount) mcef := label.Has(container.Labels, label.TraefikBackendMaxConnExtractorFunc) return mca && mcef } // Label functions func getFuncStringLabel(labelName string, defaultValue string) func(container dockerData) string { return func(container dockerData) string { return label.GetStringValue(container.Labels, labelName, defaultValue) } } func getFuncBoolLabel(labelName string, defaultValue bool) func(container dockerData) bool { return func(container dockerData) bool { return label.GetBoolValue(container.Labels, labelName, defaultValue) } } func getFuncSliceStringLabel(labelName string) func(container dockerData) []string { return func(container dockerData) []string { return label.GetSliceStringValue(container.Labels, labelName) } } func getFuncIntLabel(labelName string, defaultValue int) func(container dockerData) int { return func(container dockerData) int { return label.GetIntValue(container.Labels, labelName, defaultValue) } } func getFuncInt64Label(labelName string, defaultValue int64) func(container dockerData) int64 { return func(container dockerData) int64 { return label.GetInt64Value(container.Labels, labelName, defaultValue) } } // Deprecated func hasFunc(labelName string) func(container dockerData) bool { return func(container dockerData) bool { return label.Has(container.Labels, labelName) } }