Improve documentation of the router rules for API and dashboard

2019-10-25 17:32:04 +02:00 · 2019-10-25 17:32:04 +02:00 · 1f734630b9
commit 1f734630b9
parent 355fe6195e
3 changed files with 142 additions and 19 deletions
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@ -28,7 +28,8 @@ There are 2 ways to configure and access the dashboard:

 This is the **recommended** method.

-Start by enabling the dashboard by using the following option from [Traefik's API](./api.md):
+Start by enabling the dashboard by using the following option from [Traefik's API](./api.md)
+on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):

 ```toml tab="File (TOML)"
 [api]
@ -59,17 +60,103 @@ api:
 --api.dashboard=true
 ```

-Then specify a router associated to the service `api@internal` to allow:
+Then define a routing configuration on Traefik itself, 
+with a router attached to the service `api@internal` in the 
+[dynamic configuration](../getting-started/configuration-overview.md#the-dynamic-configuration),
+to allow defining:

- Defining one or more security features through [middlewares](../middlewares/overview.md)
+- One or more security features through [middlewares](../middlewares/overview.md)
  like authentication ([basicAuth](../middlewares/basicauth.md) , [digestAuth](../middlewares/digestauth.md),
  [forwardAuth](../middlewares/forwardauth.md)) or [whitelisting](../middlewares/ipwhitelist.md).

- Defining your own [HTTP routing rule](../../routing/routers/#rule) for accessing the dashboard,
+- A [router rule](#dashboard-router-rule) for accessing the dashboard,
  through Traefik itself (sometimes referred as "Traefik-ception").

-Please visit the ["Configuration" section of the API documentation](./api.md#configuration)
-to learn about configuring a router with the service `api@internal` and enabling the security features.
+??? example "Dashboard Dynamic Configuration Examples"
+
+    ```yaml tab="Docker"
+    # Dynamic Configuration
+    labels:
+      - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
+    ```
+
+    ```json tab="Marathon"
+    "labels": {
+      "traefik.http.routers.api.rule": "Host(`traefik.domain.com`)",
+      "traefik.http.routers.api.service": "api@internal",
+      "traefik.http.routers.api.middlewares": "auth",
+      "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
+    }
+    ```
+
+    ```yaml tab="Rancher"
+    # Dynamic Configuration
+    labels:
+      - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
+    ```
+
+    ```toml tab="File (TOML)"
+    # Dynamic Configuration
+    [http.routers.my-api]
+        rule="Host(`traefik.domain.com`)
+        service="api@internal"
+        middlewares=["auth"]
+
+    [http.middlewares.auth.basicAuth]
+        users = [
+          "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
+          "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
+        ]
+    ```
+
+    ```yaml tab="File (YAML)"
+    # Dynamic Configuration
+    http:
+      routers:
+        api:
+          rule: Host(`traefik.domain.com`)
+          service: api@internal
+          middlewares:
+            - auth
+      middlewares:
+        auth:
+          basicAuth:
+            users:
+              - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
+              - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
+    ```
+
+### Dashboard Router Rule
+
+As underlined in the [documentation for the `api.dashboard` option](./api.md#dashboard),
+the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
+the path prefixes `/api` and `/dashboard`.
+
+We recommend to use a "Host Based rule" as ```Host(`traefik.domain.com`)``` to match everything on the host domain,
+or to make sure that the defined rule captures both prefixes:
+
+```bash tab="Host Rule"
+# Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
+rule = "Host(`traefik.domain.com`)"
+```
+
+```bash tab="Path Prefix Rule"
+# Matches http://traefik.domain.com/api , http://domain.com/api or http://traefik.domain.com/dashboard
+# but does not match http://traefik.domain.com/hello
+rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
+```
+
+```bash tab="Combination of Rules"
+# Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
+# but does not match http://traefik.domain.com/hello
+rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+```

 ## Insecure Mode