289 lines
9.7 KiB
Cheetah
289 lines
9.7 KiB
Cheetah
[backends]
|
|
{{range $backend := List .Prefix "/backends/" }}
|
|
{{ $backendName := Last $backend }}
|
|
|
|
{{ $circuitBreaker := getCircuitBreaker $backend }}
|
|
{{if $circuitBreaker }}
|
|
[backends."{{ $backendName }}".circuitBreaker]
|
|
expression = "{{ $circuitBreaker.Expression }}"
|
|
{{end}}
|
|
|
|
{{ $responseForwarding := getResponseForwarding $backend }}
|
|
{{if $responseForwarding }}
|
|
[backends."{{ $backendName }}".responseForwarding]
|
|
flushInterval = "{{ $responseForwarding.flushInterval }}"
|
|
{{end}}
|
|
|
|
{{ $loadBalancer := getLoadBalancer $backend }}
|
|
{{if $loadBalancer }}
|
|
[backends."{{ $backendName }}".loadBalancer]
|
|
method = "{{ $loadBalancer.Method }}"
|
|
{{if $loadBalancer.Stickiness }}
|
|
[backends."{{ $backendName }}".loadBalancer.stickiness]
|
|
cookieName = "{{ $loadBalancer.Stickiness.CookieName }}"
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $maxConn := getMaxConn $backend }}
|
|
{{if $maxConn }}
|
|
[backends."{{ $backendName }}".maxConn]
|
|
extractorFunc = "{{ $maxConn.ExtractorFunc }}"
|
|
amount = {{ $maxConn.Amount }}
|
|
{{end}}
|
|
|
|
{{ $healthCheck := getHealthCheck $backend }}
|
|
{{if $healthCheck }}
|
|
[backends."{{ $backendName }}".healthCheck]
|
|
scheme = "{{ $healthCheck.Scheme }}"
|
|
path = "{{ $healthCheck.Path }}"
|
|
port = {{ $healthCheck.Port }}
|
|
interval = "{{ $healthCheck.Interval }}"
|
|
timeout = "{{ $healthCheck.Timeout }}"
|
|
hostname = "{{ $healthCheck.Hostname }}"
|
|
{{if $healthCheck.Headers }}
|
|
[backends."{{ $backendName }}".healthCheck.headers]
|
|
{{range $k, $v := $healthCheck.Headers }}
|
|
{{$k}} = "{{$v}}"
|
|
{{end}}
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $buffering := getBuffering $backend }}
|
|
{{if $buffering }}
|
|
[backends."{{ $backendName }}".buffering]
|
|
maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
|
|
memRequestBodyBytes = {{ $buffering.MemRequestBodyBytes }}
|
|
maxResponseBodyBytes = {{ $buffering.MaxResponseBodyBytes }}
|
|
memResponseBodyBytes = {{ $buffering.MemResponseBodyBytes }}
|
|
retryExpression = "{{ $buffering.RetryExpression }}"
|
|
{{end}}
|
|
|
|
{{range $serverName, $server := getServers $backend}}
|
|
[backends."{{ $backendName }}".servers."{{ $serverName }}"]
|
|
url = "{{ $server.URL }}"
|
|
weight = {{ $server.Weight }}
|
|
{{end}}
|
|
|
|
{{end}}
|
|
|
|
[frontends]
|
|
{{range $frontend := List .Prefix "/frontends/" }}
|
|
{{ $frontendName := Last $frontend }}
|
|
|
|
[frontends."{{ $frontendName }}"]
|
|
backend = "{{ getBackendName $frontend }}"
|
|
priority = {{ getPriority $frontend }}
|
|
passHostHeader = {{ getPassHostHeader $frontend }}
|
|
passTLSCert = {{ getPassTLSCert $frontend }}
|
|
|
|
entryPoints = [{{range getEntryPoints $frontend }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
|
|
{{ $tlsClientCert := getPassTLSClientCert $frontend }}
|
|
{{if $tlsClientCert }}
|
|
[frontends."{{ $frontendName }}".passTLSClientCert]
|
|
pem = {{ $tlsClientCert.PEM }}
|
|
{{ $infos := $tlsClientCert.Infos }}
|
|
{{if $infos }}
|
|
[frontends."{{ $frontendName }}".passTLSClientCert.infos]
|
|
notAfter = {{ $infos.NotAfter }}
|
|
notBefore = {{ $infos.NotBefore }}
|
|
sans = {{ $infos.Sans }}
|
|
{{ $subject := $infos.Subject }}
|
|
{{if $subject }}
|
|
[frontends."{{ $frontendName }}".passTLSClientCert.infos.subject]
|
|
country = {{ $subject.Country }}
|
|
province = {{ $subject.Province }}
|
|
locality = {{ $subject.Locality }}
|
|
organization = {{ $subject.Organization }}
|
|
commonName = {{ $subject.CommonName }}
|
|
serialNumber = {{ $subject.SerialNumber }}
|
|
domainComponent = {{ $subject.DomainComponent }}
|
|
{{end}}
|
|
{{ $issuer := $infos.Subject }}
|
|
{{if $issuer }}
|
|
[frontends."{{ $frontendName }}".passTLSClientCert.infos.issuer]
|
|
country = {{ $issuer.Country }}
|
|
province = {{ $issuer.Province }}
|
|
locality = {{ $issuer.Locality }}
|
|
organization = {{ $issuer.Organization }}
|
|
commonName = {{ $issuer.CommonName }}
|
|
serialNumber = {{ $issuer.SerialNumber }}
|
|
domainComponent = {{ $issuer.DomainComponent }}
|
|
{{end}}
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $auth := getAuth $frontend }}
|
|
{{if $auth }}
|
|
[frontends."{{ $frontendName }}".auth]
|
|
headerField = "{{ $auth.HeaderField }}"
|
|
|
|
{{if $auth.Forward }}
|
|
[frontends."{{ $frontendName }}".auth.forward]
|
|
address = "{{ $auth.Forward.Address }}"
|
|
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
|
|
{{if $auth.Forward.AuthResponseHeaders }}
|
|
authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
|
|
{{if $auth.Forward.TLS }}
|
|
[frontends."{{ $frontendName }}".auth.forward.tls]
|
|
ca = "{{ $auth.Forward.TLS.CA }}"
|
|
caOptional = {{ $auth.Forward.TLS.CAOptional }}
|
|
cert = """{{ $auth.Forward.TLS.Cert }}"""
|
|
key = """{{ $auth.Forward.TLS.Key }}"""
|
|
insecureSkipVerify = {{ $auth.Forward.TLS.InsecureSkipVerify }}
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{if $auth.Basic }}
|
|
[frontends."{{ $frontendName }}".auth.basic]
|
|
removeHeader = {{ $auth.Basic.RemoveHeader }}
|
|
{{if $auth.Basic.Users }}
|
|
users = [{{range $auth.Basic.Users }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
usersFile = "{{ $auth.Basic.UsersFile }}"
|
|
{{end}}
|
|
|
|
{{if $auth.Digest }}
|
|
[frontends."{{ $frontendName }}".auth.digest]
|
|
removeHeader = {{ $auth.Digest.RemoveHeader }}
|
|
{{if $auth.Digest.Users }}
|
|
users = [{{range $auth.Digest.Users }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
usersFile = "{{ $auth.Digest.UsersFile }}"
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $whitelist := getWhiteList $frontend }}
|
|
{{if $whitelist }}
|
|
[frontends."{{ $frontendName }}".whiteList]
|
|
sourceRange = [{{range $whitelist.SourceRange }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{if $whitelist.IPStrategy }}
|
|
[frontends."{{ $frontendName }}".whiteList.IPStrategy]
|
|
depth = {{ $whitelist.IPStrategy.Depth }}
|
|
excludedIPs = [{{range $whitelist.IPStrategy.ExcludedIPs }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $redirect := getRedirect $frontend }}
|
|
{{if $redirect }}
|
|
[frontends."{{ $frontendName }}".redirect]
|
|
entryPoint = "{{ $redirect.EntryPoint }}"
|
|
regex = "{{ $redirect.Regex }}"
|
|
replacement = "{{ $redirect.Replacement }}"
|
|
permanent = {{ $redirect.Permanent }}
|
|
{{end}}
|
|
|
|
{{ $errorPages := getErrorPages $frontend }}
|
|
{{if $errorPages }}
|
|
[frontends."{{ $frontendName }}".errors]
|
|
{{range $pageName, $page := $errorPages }}
|
|
[frontends."{{$frontendName}}".errors."{{ $pageName }}"]
|
|
status = [{{range $page.Status }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
backend = "{{$page.Backend}}"
|
|
query = "{{$page.Query}}"
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $rateLimit := getRateLimit $frontend }}
|
|
{{if $rateLimit }}
|
|
[frontends."{{ $frontendName }}".rateLimit]
|
|
extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
|
|
[frontends."{{ $frontendName }}".rateLimit.rateSet]
|
|
{{range $limitName, $rateLimit := $rateLimit.RateSet }}
|
|
[frontends."{{ $frontendName }}".rateLimit.rateSet."{{ $limitName }}"]
|
|
period = "{{ $rateLimit.Period }}"
|
|
average = {{ $rateLimit.Average }}
|
|
burst = {{ $rateLimit.Burst }}
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{ $headers := getHeaders $frontend }}
|
|
{{if $headers }}
|
|
[frontends."{{ $frontendName }}".headers]
|
|
SSLRedirect = {{ $headers.SSLRedirect }}
|
|
SSLTemporaryRedirect = {{ $headers.SSLTemporaryRedirect }}
|
|
SSLHost = "{{ $headers.SSLHost }}"
|
|
SSLForceHost = {{ $headers.SSLForceHost }}
|
|
STSSeconds = {{ $headers.STSSeconds }}
|
|
STSIncludeSubdomains = {{ $headers.STSIncludeSubdomains }}
|
|
STSPreload = {{ $headers.STSPreload }}
|
|
ForceSTSHeader = {{ $headers.ForceSTSHeader }}
|
|
FrameDeny = {{ $headers.FrameDeny }}
|
|
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
|
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
|
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
|
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
|
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
|
PublicKey = "{{ $headers.PublicKey }}"
|
|
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
|
IsDevelopment = {{ $headers.IsDevelopment }}
|
|
|
|
{{if $headers.AllowedHosts }}
|
|
AllowedHosts = [{{range $headers.AllowedHosts }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
|
|
{{if $headers.HostsProxyHeaders }}
|
|
HostsProxyHeaders = [{{range $headers.HostsProxyHeaders }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
{{end}}
|
|
|
|
{{if $headers.CustomRequestHeaders }}
|
|
[frontends."{{ $frontendName }}".headers.customRequestHeaders]
|
|
{{range $k, $v := $headers.CustomRequestHeaders }}
|
|
{{$k}} = "{{$v}}"
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{if $headers.CustomResponseHeaders }}
|
|
[frontends."{{ $frontendName }}".headers.customResponseHeaders]
|
|
{{range $k, $v := $headers.CustomResponseHeaders }}
|
|
{{$k}} = "{{$v}}"
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{if $headers.SSLProxyHeaders }}
|
|
[frontends."{{ $frontendName }}".headers.SSLProxyHeaders]
|
|
{{range $k, $v := $headers.SSLProxyHeaders}}
|
|
{{$k}} = "{{$v}}"
|
|
{{end}}
|
|
{{end}}
|
|
{{end}}
|
|
|
|
{{range $routeName, $route := getRoutes $frontend }}
|
|
[frontends."{{ $frontendName }}".routes."{{ $routeName }}"]
|
|
rule = "{{ $route.Rule }}"
|
|
{{end}}
|
|
|
|
{{end}}
|
|
|
|
{{range $tls := getTLSSection .Prefix }}
|
|
[[tls]]
|
|
|
|
entryPoints = [{{range $tls.EntryPoints }}
|
|
"{{.}}",
|
|
{{end}}]
|
|
|
|
[tls.certificate]
|
|
certFile = """{{ $tls.Certificate.CertFile }}"""
|
|
keyFile = """{{ $tls.Certificate.KeyFile }}"""
|
|
|
|
{{end}}
|