baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

fix: don't allow routers higher than internal ones

Browse source
This commit is contained in:
Ludovic Fernandez 2024-02-15 16:40:05 +01:00 committed by GitHub
parent 6a2db4e4e9
commit 1e7dbc70a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
19 changed files with 45 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/content/reference/static-configuration/cli-ref.md
View file

@ -127,7 +127,7 @@ Default middlewares for the routers linked to the entry point.
Applies a permanent redirection. (Default: ```true```) Applies a permanent redirection. (Default: ```true```)
`--entrypoints.<name>.http.redirections.entrypoint.priority`: `--entrypoints.<name>.http.redirections.entrypoint.priority`:
Priority of the generated router. (Default: ```2147483646```) Priority of the generated router. (Default: ```9223372036854775806```)
`--entrypoints.<name>.http.redirections.entrypoint.scheme`: `--entrypoints.<name>.http.redirections.entrypoint.scheme`:
Scheme used for the redirection. (Default: ```https```) Scheme used for the redirection. (Default: ```https```)

2
docs/content/reference/static-configuration/env-ref.md
View file

@ -136,7 +136,7 @@ Default middlewares for the routers linked to the entry point.
Applies a permanent redirection. (Default: ```true```) Applies a permanent redirection. (Default: ```true```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`: `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`:
Priority of the generated router. (Default: ```2147483646```) Priority of the generated router. (Default: ```9223372036854775806```)
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`: `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:
Scheme used for the redirection. (Default: ```https```) Scheme used for the redirection. (Default: ```https```)

2
docs/content/routing/entrypoints.md
View file

@ -865,7 +865,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
??? info "`entryPoint.priority`" ??? info "`entryPoint.priority`"
_Optional, Default=MaxInt32-1 (2147483646)_ _Optional, Default=MaxInt-1_
Priority of the generated router. Priority of the generated router.

4
integration/testdata/rawdata-consul.json vendored
View file

@ -53,7 +53,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -69,7 +69,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-etcd.json vendored
View file

@ -53,7 +53,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -69,7 +69,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-gateway.json vendored
View file

@ -6,7 +6,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -22,7 +22,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-ingress-label-selector.json vendored
View file

@ -6,7 +6,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -22,7 +22,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-ingress.json vendored
View file

@ -6,7 +6,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -22,7 +22,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-ingressclass.json vendored
View file

@ -6,7 +6,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -22,7 +22,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-redis.json vendored
View file

@ -53,7 +53,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -69,7 +69,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

4
integration/testdata/rawdata-zk.json vendored
View file

@ -53,7 +53,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646, "priority": 9223372036854775806,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"
@ -69,7 +69,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645, "priority": 9223372036854775805,
"status": "enabled", "status": "enabled",
"using": [ "using": [
"traefik" "traefik"

2
pkg/config/static/entrypoints.go
View file

@ -95,7 +95,7 @@ type RedirectEntryPoint struct {
func (r *RedirectEntryPoint) SetDefaults() { func (r *RedirectEntryPoint) SetDefaults() {
r.Scheme = "https" r.Scheme = "https"
r.Permanent = true r.Permanent = true
r.Priority = math.MaxInt32 - 1 r.Priority = math.MaxInt - 1
} }
// TLSConfig is the default TLS configuration for all the routers associated to the concerned entry point. // TLSConfig is the default TLS configuration for all the routers associated to the concerned entry point.

6
pkg/provider/traefik/fixtures/api_insecure_with_dashboard.json
View file

@ -7,7 +7,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646 "priority": 9223372036854775806
}, },
"dashboard": { "dashboard": {
"entryPoints": [ "entryPoints": [
@ -19,7 +19,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645 "priority": 9223372036854775805
} }
}, },
"middlewares": { "middlewares": {
@ -47,4 +47,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

4
pkg/provider/traefik/fixtures/api_insecure_without_dashboard.json
View file

@ -7,7 +7,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646 "priority": 9223372036854775806
} }
}, },
"services": { "services": {
@ -17,4 +17,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

14
pkg/provider/traefik/fixtures/full_configuration.json
View file

@ -7,7 +7,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/api`)", "rule": "PathPrefix(`/api`)",
"priority": 2147483646 "priority": 9223372036854775806
}, },
"dashboard": { "dashboard": {
"entryPoints": [ "entryPoints": [
@ -19,7 +19,7 @@
], ],
"service": "dashboard@internal", "service": "dashboard@internal",
"rule": "PathPrefix(`/`)", "rule": "PathPrefix(`/`)",
"priority": 2147483645 "priority": 9223372036854775805
}, },
"debug": { "debug": {
"entryPoints": [ "entryPoints": [
@ -27,7 +27,7 @@
], ],
"service": "api@internal", "service": "api@internal",
"rule": "PathPrefix(`/debug`)", "rule": "PathPrefix(`/debug`)",
"priority": 2147483646 "priority": 9223372036854775806
}, },
"ping": { "ping": {
"entryPoints": [ "entryPoints": [
@ -35,7 +35,7 @@
], ],
"service": "ping@internal", "service": "ping@internal",
"rule": "PathPrefix(`/ping`)", "rule": "PathPrefix(`/ping`)",
"priority": 2147483647 "priority": 9223372036854775807
}, },
"prometheus": { "prometheus": {
"entryPoints": [ "entryPoints": [
@ -43,7 +43,7 @@
], ],
"service": "prometheus@internal", "service": "prometheus@internal",
"rule": "PathPrefix(`/metrics`)", "rule": "PathPrefix(`/metrics`)",
"priority": 2147483647 "priority": 9223372036854775807
}, },
"rest": { "rest": {
"entryPoints": [ "entryPoints": [
@ -51,7 +51,7 @@
], ],
"service": "rest@internal", "service": "rest@internal",
"rule": "PathPrefix(`/api/providers`)", "rule": "PathPrefix(`/api/providers`)",
"priority": 2147483647 "priority": 9223372036854775807
} }
}, },
"middlewares": { "middlewares": {
@ -82,4 +82,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

4
pkg/provider/traefik/fixtures/ping_simple.json
View file

@ -7,7 +7,7 @@
], ],
"service": "ping@internal", "service": "ping@internal",
"rule": "PathPrefix(`/ping`)", "rule": "PathPrefix(`/ping`)",
"priority": 2147483647 "priority": 9223372036854775807
} }
}, },
"services": { "services": {
@ -17,4 +17,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

4
pkg/provider/traefik/fixtures/prometheus_simple.json
View file

@ -7,7 +7,7 @@
], ],
"service": "prometheus@internal", "service": "prometheus@internal",
"rule": "PathPrefix(`/metrics`)", "rule": "PathPrefix(`/metrics`)",
"priority": 2147483647 "priority": 9223372036854775807
} }
}, },
"services": { "services": {
@ -17,4 +17,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

4
pkg/provider/traefik/fixtures/rest_insecure.json
View file

@ -7,7 +7,7 @@
], ],
"service": "rest@internal", "service": "rest@internal",
"rule": "PathPrefix(`/api/providers`)", "rule": "PathPrefix(`/api/providers`)",
"priority": 2147483647 "priority": 9223372036854775807
} }
}, },
"services": { "services": {
@ -17,4 +17,4 @@
}, },
"tcp": {}, "tcp": {},
"tls": {} "tls": {}
} }

14
pkg/provider/traefik/internal.go
View file

@ -104,7 +104,7 @@ func (i *Provider) acme(cfg *dynamic.Configuration) {
Rule: "PathPrefix(`/.well-known/acme-challenge/`)", Rule: "PathPrefix(`/.well-known/acme-challenge/`)",
EntryPoints: eps, EntryPoints: eps,
Service: "acme-http@internal", Service: "acme-http@internal",
Priority: math.MaxInt32, Priority: math.MaxInt,
} }
cfg.HTTP.Routers["acme-http"] = rt cfg.HTTP.Routers["acme-http"] = rt
@ -218,7 +218,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["api"] = &dynamic.Router{ cfg.HTTP.Routers["api"] = &dynamic.Router{
EntryPoints: []string{defaultInternalEntryPointName}, EntryPoints: []string{defaultInternalEntryPointName},
Service: "api@internal", Service: "api@internal",
Priority: math.MaxInt32 - 1, Priority: math.MaxInt - 1,
Rule: "PathPrefix(`/api`)", Rule: "PathPrefix(`/api`)",
} }
@ -226,7 +226,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["dashboard"] = &dynamic.Router{ cfg.HTTP.Routers["dashboard"] = &dynamic.Router{
EntryPoints: []string{defaultInternalEntryPointName}, EntryPoints: []string{defaultInternalEntryPointName},
Service: "dashboard@internal", Service: "dashboard@internal",
Priority: math.MaxInt32 - 2, Priority: math.MaxInt - 2,
Rule: "PathPrefix(`/`)", Rule: "PathPrefix(`/`)",
Middlewares: []string{"dashboard_redirect@internal", "dashboard_stripprefix@internal"}, Middlewares: []string{"dashboard_redirect@internal", "dashboard_stripprefix@internal"},
} }
@ -247,7 +247,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["debug"] = &dynamic.Router{ cfg.HTTP.Routers["debug"] = &dynamic.Router{
EntryPoints: []string{defaultInternalEntryPointName}, EntryPoints: []string{defaultInternalEntryPointName},
Service: "api@internal", Service: "api@internal",
Priority: math.MaxInt32 - 1, Priority: math.MaxInt - 1,
Rule: "PathPrefix(`/debug`)", Rule: "PathPrefix(`/debug`)",
} }
} }
@ -269,7 +269,7 @@ func (i *Provider) pingConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["ping"] = &dynamic.Router{ cfg.HTTP.Routers["ping"] = &dynamic.Router{
EntryPoints: []string{i.staticCfg.Ping.EntryPoint}, EntryPoints: []string{i.staticCfg.Ping.EntryPoint},
Service: "ping@internal", Service: "ping@internal",
Priority: math.MaxInt32, Priority: math.MaxInt,
Rule: "PathPrefix(`/ping`)", Rule: "PathPrefix(`/ping`)",
} }
} }
@ -286,7 +286,7 @@ func (i *Provider) restConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["rest"] = &dynamic.Router{ cfg.HTTP.Routers["rest"] = &dynamic.Router{
EntryPoints: []string{defaultInternalEntryPointName}, EntryPoints: []string{defaultInternalEntryPointName},
Service: "rest@internal", Service: "rest@internal",
Priority: math.MaxInt32, Priority: math.MaxInt,
Rule: "PathPrefix(`/api/providers`)", Rule: "PathPrefix(`/api/providers`)",
} }
} }
@ -303,7 +303,7 @@ func (i *Provider) prometheusConfiguration(cfg *dynamic.Configuration) {
cfg.HTTP.Routers["prometheus"] = &dynamic.Router{ cfg.HTTP.Routers["prometheus"] = &dynamic.Router{
EntryPoints: []string{i.staticCfg.Metrics.Prometheus.EntryPoint}, EntryPoints: []string{i.staticCfg.Metrics.Prometheus.EntryPoint},
Service: "prometheus@internal", Service: "prometheus@internal",
Priority: math.MaxInt32, Priority: math.MaxInt,
Rule: "PathPrefix(`/metrics`)", Rule: "PathPrefix(`/metrics`)",
} }
} }