Co-authored-by: juliens <julien@containo.us>
6.5 KiB
Middlewares
Tweaking the Request {: .subtitle }
Attached to the routers, pieces of middleware are a mean of tweaking the requests before they are sent to your service (or before the answer from the services are sent to the clients).
There are many different available middlewares in Traefik, some can modify the request, the headers, some are in charge of redirections, some add authentication, and so on.
Pieces of middleware can be combined in chains to fit every scenario.
Configuration Example
# As a Docker Label
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# As a Kubernetes Traefik IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix
spec:
stripprefix:
prefixes:
- /stripit
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute
spec:
# more fields...
routes:
# more fields...
middlewares:
- name: stripprefix
"labels": {
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo"
}
# As a Rancher Label
labels:
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
namespace: default
spec:
minversion: VersionTLS12
# As Toml Configuration File
[providers]
[providers.file]
[http.routers]
[http.routers.router1]
Service = "myService"
Middlewares = ["foo-add-prefix"]
Rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.AddPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.LoadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
Advanced Configuration
When you declare a middleware, it lives in its provider
namespace.
For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider
namespace.
If you use multiple providers
and wish to reference a middleware declared in another provider
, then you'll have to prefix the middleware name with the provider
name.
??? abstract "Referencing a Middleware from Another Provider"
Declaring the add-foo-prefix in the file provider.
```toml
[providers]
[providers.file]
[http.middlewares]
[http.middlewares.add-foo-prefix.AddPrefix]
prefix = "/foo"
```
Using the add-foo-prefix middleware from docker.
```yaml
your-container: #
image: your-docker-image
labels:
# Attach add-foo-prefix@file middleware (declared in file)
- "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
```
Available Middlewares
Middleware | Purpose | Area |
---|---|---|
AddPrefix | Add a Path Prefix | Path Modifier |
BasicAuth | Basic auth mechanism | Security, Authentication |
Buffering | Buffers the request/response | Request Lifecycle |
Chain | Combine multiple pieces of middleware | Middleware tool |
CircuitBreaker | Stop calling unhealthy services | Request Lifecycle |
Compress | Compress the response | Content Modifier |
DigestAuth | Adds Digest Authentication | Security, Authentication |
Errors | Define custom error pages | Request Lifecycle |
ForwardAuth | Authentication delegation | Security, Authentication |
Headers | Add / Update headers | Security |
IPWhiteList | Limit the allowed client IPs | Security, Request lifecycle |
MaxConnection | Limit the number of simultaneous connections | Security, Request lifecycle |
PassTLSClientCert | Adding Client Certificates in a Header | Security |
RateLimit | Limit the call frequency | Security, Request lifecycle |
RedirectScheme | Redirect easily the client elsewhere | Request lifecycle |
RedirectRegex | Redirect the client elsewhere | Request lifecycle |
ReplacePath | Change the path of the request | Path Modifier |
ReplacePathRegex | Change the path of the request | Path Modifier |
Retry | Automatically retry the request in case of errors | Request lifecycle |
StripPrefix | Change the path of the request | Path Modifier |
StripPrefixRegex | Change the path of the request | Path Modifier |