homelab/traefik
1
0
Fork 0
Code Activity

Middleware documentation fixes

Browse source
This commit is contained in:
Brendan Le Glaunec 2021-02-11 14:34:04 +01:00 committed by GitHub
parent 5ef6297daa
commit 502c88ee3f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 536 additions and 490 deletions
Download patch file Download diff file Expand all files Collapse all files

101
docs/content/middlewares/ratelimit.md
View file

@ -3,7 +3,7 @@
To Control the Number of Requests Going to a Service
{: .subtitle }
The RateLimit middleware ensures that services will receive a _fair_ number of requests, and allows one to define what fair is.
The RateLimit middleware ensures that services will receive a _fair_ amount of requests, and allows one to define what fair is.
## Configuration Example
@ -74,7 +74,7 @@ http:
### `average`
`average` is the maximum rate, by default in requests by second, allowed for the given source.
`average` is the maximum rate, by default in requests per second, allowed from a given source.
It defaults to `0`, which means no rate limiting.
@ -219,7 +219,7 @@ spec:
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```json tab="Marathon"
@ -230,7 +230,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```toml tab="File (TOML)"
@ -248,25 +248,25 @@ http:
```
### `sourceCriterion`
SourceCriterion defines what criterion is used to group requests as originating from a common source.
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
#### `sourceCriterion.ipStrategy`
The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
##### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is lesser than or equal to 0.
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty.
- `depth` is ignored if its value is less than or equal to 0.
!!! example "Example of Depth & X-Forwarded-For"
If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used as the criterion would be `"12.0.0.1"` (`depth=2`).
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------|
@ -274,8 +274,71 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
sourceCriterion:
ipStrategy:
depth: 2
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth": "2"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
sourceCriterion:
ipStrategy:
depth: 2
```
##### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
@ -329,23 +392,9 @@ http:
- "192.168.1.7"
```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
#### `sourceCriterion.requestHeaderName`
Requests having the same value for the given header are grouped as coming from the same source.
Name of the header used to group incoming requests.
```yaml tab="Docker"
labels: