Entry point redirection and default routers configuration

Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Traefiker Bot 2020-03-05 12:46:05 +01:00 committed by GitHub
parent 93a7af270f
commit a6040c623b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
46 changed files with 1016 additions and 126 deletions


@ -387,10 +387,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
- match: HostRegexp(`{any:.+}`)
kind: Rule
services:
# any service in the namespace
# the service will be never called
- name: noop
port: 80
# the noop service will be never called
- name: noop@internal
middlewares:
- name: https_redirect
# if the Middleware has distinct namespace
@ -431,13 +429,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
entryPoints = ["web"]
middlewares = ["https_redirect"]
rule = "HostRegexp(`{any:.+}`)"
service = "noop"
[http.services]
# noop service, the URL will be never called
[http.services.noop.loadBalancer]
[[http.services.noop.loadBalancer.servers]]
url = "http://192.168.0.1:1337"
# the noop service will be never called
service = "noop@internal"
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
@ -472,14 +465,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
middlewares:
- https_redirect
rule: "HostRegexp(`{any:.+}`)"
service: noop
services:
# noop service, the URL will be never called
noop:
loadBalancer:
servers:
- url: http://192.168.0.1:1337
# the noop service will be never called
service: noop@internal
middlewares:
https_redirect:


@ -99,6 +99,36 @@ Trust all forwarded headers. (Default: ```false```)
`--entrypoints.<name>.forwardedheaders.trustedips`:
Trust only forwarded headers from selected IPs.
`--entrypoints.<name>.http`:
HTTP configuration.
`--entrypoints.<name>.http.middlewares`:
Default middlewares for the routers linked to the entry point.
`--entrypoints.<name>.http.redirections.entrypoint.scheme`:
Scheme used for the redirection. Defaults to https. (Default: ```https```)
`--entrypoints.<name>.http.redirections.entrypoint.to`:
Targeted entry point of the redirection.
`--entrypoints.<name>.http.tls`:
Default TLS configuration for the routers linked to the entry point. (Default: ```false```)
`--entrypoints.<name>.http.tls.certresolver`:
Default certificate resolver for the routers linked to the entry point.
`--entrypoints.<name>.http.tls.domains`:
Default TLS domains for the routers linked to the entry point.
`--entrypoints.<name>.http.tls.domains[n].main`:
Default subject name.
`--entrypoints.<name>.http.tls.domains[n].sans`:
Subject alternative names.
`--entrypoints.<name>.http.tls.options`:
Default TLS options for the routers linked to the entry point.
`--entrypoints.<name>.proxyprotocol`:
Proxy-Protocol configuration. (Default: ```false```)


@ -99,6 +99,36 @@ Trust all forwarded headers. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:
Trust only forwarded headers from selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP`:
HTTP configuration.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_MIDDLEWARES`:
Default middlewares for the routers linked to the entry point.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:
Scheme used for the redirection. Defaults to https. (Default: ```https```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_TO`:
Targeted entry point of the redirection.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS`:
Default TLS configuration for the routers linked to the entry point. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_CERTRESOLVER`:
Default certificate resolver for the routers linked to the entry point.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS`:
Default TLS domains for the routers linked to the entry point.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS[n]_MAIN`:
Default subject name.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS[n]_SANS`:
Subject alternative names.
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_OPTIONS`:
Default TLS options for the routers linked to the entry point.
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:
Proxy-Protocol configuration. (Default: ```false```)


@ -28,6 +28,23 @@
[entryPoints.EntryPoint0.forwardedHeaders]
insecure = true
trustedIPs = ["foobar", "foobar"]
[entryPoints.EntryPoint0.http]
middlewares = ["foobar", "foobar"]
[entryPoints.EntryPoint0.http.redirections]
[entryPoints.EntryPoint0.http.redirections.entryPoint]
to = "foobar"
scheme = "foobar"
[entryPoints.EntryPoint0.http.tls]
options = "foobar"
certResolver = "foobar"
[[entryPoints.EntryPoint0.http.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[entryPoints.EntryPoint0.http.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[providers]
providersThrottleDuration = 42
@ -133,10 +150,10 @@
username = "foobar"
password = "foobar"
[providers.consul]
rootKey = "traefik"
rootKey = "traefik"
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
username = "foobar"
password = "foobar"
[providers.consul.tls]
ca = "foobar"
caOptional = true
@ -144,10 +161,10 @@
key = "foobar"
insecureSkipVerify = true
[providers.etcd]
rootKey = "traefik"
rootKey = "traefik"
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
username = "foobar"
password = "foobar"
[providers.etcd.tls]
ca = "foobar"
caOptional = true
@ -155,10 +172,10 @@
key = "foobar"
insecureSkipVerify = true
[providers.zooKeeper]
rootKey = "traefik"
rootKey = "traefik"
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
username = "foobar"
password = "foobar"
[providers.zooKeeper.tls]
ca = "foobar"
caOptional = true
@ -166,10 +183,10 @@
key = "foobar"
insecureSkipVerify = true
[providers.redis]
rootKey = "traefik"
rootKey = "traefik"
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
username = "foobar"
password = "foobar"
[providers.redis.tls]
ca = "foobar"
caOptional = true


@ -32,6 +32,26 @@ entryPoints:
trustedIPs:
- foobar
- foobar
http:
redirections:
entryPoint:
to: foobar
scheme: foobar
middlewares:
- foobar
- foobar
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
providers:
providersThrottleDuration: 42
docker:
@ -142,8 +162,8 @@ providers:
consul:
rootKey: traefik
endpoints:
- foobar
- foobar
- foobar
- foobar
username: foobar
password: foobar
tls:
@ -155,8 +175,8 @@ providers:
etcd:
rootKey: traefik
endpoints:
- foobar
- foobar
- foobar
- foobar
username: foobar
password: foobar
tls:


@ -529,3 +529,211 @@ If the Proxy Protocol header is passed, then the version is determined automatic
When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
Not doing so could introduce a security risk in your system (enabling request forgery).
## HTTP Options
This whole section is dedicated to options, keyed by entry point, that will apply only to HTTP routing.
### Redirection
??? example "HTTPS redirection (80 to 443)"
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
https: true
websecure:
address: :443
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.https=true
--entrypoints.websecure.address=:443
```
#### `entryPoint`
This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`).
??? info "`entryPoint.to`"
_Required_
The target entry point.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
to = "bar"
```
```yaml tab="File (YAML)"
entryPoints:
foo:
# ...
http:
redirections:
entryPoint:
to: bar
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
_Optional, Default="http"_
The redirection target scheme.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
scheme = "https"
```
```yaml tab="File (YAML)"
entryPoints:
foo:
# ...
http:
redirections:
entryPoint:
# ...
scheme: https
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
### Middlewares
The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
address: ':443'
http:
middlewares:
- auth@file
- strip@file
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.middlewares=auth@file,strip@file
```
### TLS
This section is about the default TLS configuration applied to all routers associated with the named entry point.
If a TLS section (i.e. any of its fields) is user-defined, then the default configuration does not apply at all.
The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls).
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
address: ':443'
http:
tls:
options: foobar
certResolver: leresolver
domains:
- main: example.com
sans:
- foo.example.com
- bar.example.com
- main: test.com
sans:
- foo.test.com
- bar.test.com
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.tls.options=foobar
entrypoints.websecure.http.tls.certResolver=leresolver
entrypoints.websecure.http.tls.domains[0].main=example.com
entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
entrypoints.websecure.http.tls.domains[1].main=test.com
entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
```
??? example "Let's Encrypt"
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
address: ':443'
http:
tls:
certResolver: leresolver
```
```bash tab="CLI"
entrypoints.websecure.address=:443
entrypoints.websecure.http.tls.certResolver=leresolver
```
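Review bot: The YAML and CLI tabs of the "HTTPS redirection (80 to 443)" example set `https: true` and `--entrypoints.web.http.redirections.entryPoint.https=true`, but the TOML tab, the `entryPoint.scheme` block and the reference entries in this commit all name the option `scheme`. As far as this page shows there is no `https` key, so a reader copying those two tabs may end up with a configuration that is rejected or a redirect that is not applied as intended; they should read `scheme: https` and `--entrypoints.web.http.redirections.entryPoint.scheme=https`. The `entryPoint.scheme` block also states `_Optional, Default="http"_`, while the CLI and environment-variable references in this commit give the default as `https`; the two should agree, presumably as `_Optional, Default="https"_`, since an operator relying on the default needs to know whether the redirect upgrades to TLS. In addition, the CLI tab for `entryPoint.to` points at `websecure` where the TOML and YAML tabs use `bar`, and the CLI tabs under Middlewares and TLS omit the leading `--` that the Redirection tabs carry.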