From 2e20394af4a393d85e393dae0b12f02de7e430fa Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Doumenjou Date: Mon, 8 Apr 2019 17:14:08 +0200 Subject: [PATCH] Update the middleware documentation --- docs/content/contributing/building-testing.md | 2 +- docs/content/getting-started/concepts.md | 5 +- docs/content/https-tls/acme.md | 2 +- docs/content/middlewares/addprefix.md | 6 ++ docs/content/middlewares/basicauth.md | 6 ++ docs/content/middlewares/buffering.md | 6 ++ docs/content/middlewares/chain.md | 12 +++ docs/content/middlewares/circuitbreaker.md | 6 ++ docs/content/middlewares/compress.md | 6 ++ docs/content/middlewares/digestauth.md | 10 ++ docs/content/middlewares/errorpages.md | 8 ++ docs/content/middlewares/forwardauth.md | 13 +++ docs/content/middlewares/headers.md | 26 +++++ docs/content/middlewares/ipwhitelist.md | 19 ++++ docs/content/middlewares/maxconnection.md | 6 ++ docs/content/middlewares/passtlsclientcert.md | 43 ++++++++- docs/content/middlewares/ratelimit.md | 95 +++++++++++++------ docs/content/middlewares/redirectregex.md | 11 ++- docs/content/middlewares/redirectscheme.md | 8 +- docs/content/middlewares/replacepath.md | 12 ++- docs/content/middlewares/replacepathregex.md | 69 +++++++++++++- docs/content/middlewares/retry.md | 52 +++++++--- docs/content/middlewares/stripprefix.md | 67 +++++++++++-- docs/content/middlewares/stripprefixregex.md | 68 ++++++++++++- 24 files changed, 488 insertions(+), 70 deletions(-) diff --git a/docs/content/contributing/building-testing.md b/docs/content/contributing/building-testing.md index 1a399f408..c7b709901 100644 --- a/docs/content/contributing/building-testing.md +++ b/docs/content/contributing/building-testing.md @@ -58,7 +58,7 @@ PRE_TARGET= make test-unit ### Method 2: Using `go` -You need `go` v1.9+. +You need `go` v1.12+. !!! tip "Source Directory" diff --git a/docs/content/getting-started/concepts.md b/docs/content/getting-started/concepts.md index cff90c611..a7481a790 100644 --- a/docs/content/getting-started/concepts.md +++ b/docs/content/getting-started/concepts.md @@ -5,7 +5,8 @@ Everything You Need to Know ## Edge Router -Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request: it knows all the logic and every rule that determine which services handle which requests (based on the [path](../../routing/routers/#rule), the [host](../../routing/routers/#rule), [headers](../../routing/routers/#rule), [and so on](../../routing/routers/#rule) ...). +Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request: +it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...). ![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png) @@ -18,7 +19,7 @@ Deploying your services, you attach information that tell Traefik the characteri ![Decentralized Configuration](../assets/img/traefik-concepts-2.png) It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time. -The opposite is true: when you remove a service from your infrastructure, the route will disapear accordingly. +The opposite is true: when you remove a service from your infrastructure, the route will disappear accordingly. You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules. diff --git a/docs/content/https-tls/acme.md b/docs/content/https-tls/acme.md index d8992cca9..80dc96c4c 100644 --- a/docs/content/https-tls/acme.md +++ b/docs/content/https-tls/acme.md @@ -330,7 +330,7 @@ storage = "traefik/acme/account" Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved. For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul. -## Fallbacks +## Fallback If Let's Encrypt is not reachable, the following certificates will apply: diff --git a/docs/content/middlewares/addprefix.md b/docs/content/middlewares/addprefix.md index 6e256426d..1124830b5 100644 --- a/docs/content/middlewares/addprefix.md +++ b/docs/content/middlewares/addprefix.md @@ -26,6 +26,12 @@ spec: prefix: /foo ``` +```yaml tab="Rancher" +# Prefixing with /foo +labels: +- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" +``` + ```toml tab="File" # Prefixing with /foo [http.middlewares] diff --git a/docs/content/middlewares/basicauth.md b/docs/content/middlewares/basicauth.md index 8313da7ce..6c5f39f87 100644 --- a/docs/content/middlewares/basicauth.md +++ b/docs/content/middlewares/basicauth.md @@ -28,6 +28,12 @@ spec: - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0 ``` +```yaml tab="Rancher" +# Declaring the user list +labels: + - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" +``` + ```toml tab="File" # Declaring the user list [http.middlewares] diff --git a/docs/content/middlewares/buffering.md b/docs/content/middlewares/buffering.md index 5ce0222a5..2dc3abff2 100644 --- a/docs/content/middlewares/buffering.md +++ b/docs/content/middlewares/buffering.md @@ -30,6 +30,12 @@ spec: maxRequestBodyBytes: 250000 ``` +```yaml tab="Rancher" +# Sets the maximum request body to 2Mb +labels: +- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000" +``` + ```toml tab="File" # Sets the maximum request body to 2Mb [http.middlewares] diff --git a/docs/content/middlewares/chain.md b/docs/content/middlewares/chain.md index 59eddfc4a..cfb805f26 100644 --- a/docs/content/middlewares/chain.md +++ b/docs/content/middlewares/chain.md @@ -83,6 +83,18 @@ spec: - 127.0.0.1/32 ``` +```yaml tab="Rancher" +labels: +- "traefik.http.routers.router1.service=service1" +- "traefik.http.routers.router1.middlewares=secured" +- "traefik.http.routers.router1.rule=Host(`mydomain`)" +- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" +- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" +- "traefik.http.middlewares.https-only.schemeredirect.scheme=https" +- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" +- "http.services.service1.loadbalancer.server.port=80" +``` + ```toml tab="File" # ... [http.routers] diff --git a/docs/content/middlewares/circuitbreaker.md b/docs/content/middlewares/circuitbreaker.md index e124fe49f..05c27f795 100644 --- a/docs/content/middlewares/circuitbreaker.md +++ b/docs/content/middlewares/circuitbreaker.md @@ -40,6 +40,12 @@ spec: expression: LatencyAtQuantileMS(50.0) > 100 ``` +```yaml tab="Rancher" +# Latency Check +labels: +- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" +``` + ```toml tab="File" # Latency Check [http.middlewares] diff --git a/docs/content/middlewares/compress.md b/docs/content/middlewares/compress.md index 84cf5fdd6..a097fa8f4 100644 --- a/docs/content/middlewares/compress.md +++ b/docs/content/middlewares/compress.md @@ -15,6 +15,12 @@ labels: - "traefik.http.middlewares.test-compress.compress=true" ``` +```yaml tab="Rancher" +# Enable gzip compression +labels: +- "traefik.http.middlewares.test-compress.compress=true" +``` + ```toml tab="File" # Enable gzip compression [http.middlewares] diff --git a/docs/content/middlewares/digestauth.md b/docs/content/middlewares/digestauth.md index 497de9935..803949786 100644 --- a/docs/content/middlewares/digestauth.md +++ b/docs/content/middlewares/digestauth.md @@ -27,6 +27,11 @@ spec: - test2:traefik:518845800f9e2bfb1f1f740ec24f074e ``` +```yaml tab="Rancher" +labels: +- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" +``` + ```toml tab="File" [http.middlewares] [http.middlewares.test-auth.digestAuth] @@ -93,6 +98,11 @@ spec: headerField: X-WebAuth-User ``` +```yaml tab="Rancher" +labels: + - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User" +``` + ```toml tab="File" [http.middlewares.my-auth.digestAuth] # ... diff --git a/docs/content/middlewares/errorpages.md b/docs/content/middlewares/errorpages.md index c79868c76..4174bdeee 100644 --- a/docs/content/middlewares/errorpages.md +++ b/docs/content/middlewares/errorpages.md @@ -33,6 +33,14 @@ spec: query: /{status}.html ``` +```yaml tab="Rancher" +# Dynamic Custom Error Page for 5XX Status Code +labels: +- "traefik.http.middlewares.test-errorpage.errors.status=500-599" +- "traefik.http.middlewares.test-errorpage.errors.service=serviceError" +- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" +``` + ```toml tab="File" # Custom Error Page for 5XX [http.middlewares] diff --git a/docs/content/middlewares/forwardauth.md b/docs/content/middlewares/forwardauth.md index 324dd21ff..613bb15b9 100644 --- a/docs/content/middlewares/forwardauth.md +++ b/docs/content/middlewares/forwardauth.md @@ -43,6 +43,19 @@ spec: key: path/to/foo.key ``` +```yaml tab="Rancher" +# Forward authentication to authserver.com +labels: +- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth" +- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret" +- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt" +- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true" +- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert" +- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true" +- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key" +- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true" +``` + ```toml tab="File" # Forward authentication to authserver.com [http.middlewares] diff --git a/docs/content/middlewares/headers.md b/docs/content/middlewares/headers.md index 84d8ec6a2..7acd5982a 100644 --- a/docs/content/middlewares/headers.md +++ b/docs/content/middlewares/headers.md @@ -32,6 +32,12 @@ spec: X-Custom-Response-Header: "True" ``` +```yaml tab="Rancher" +labels: +- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test" +- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True" +``` + ```toml tab="File" [http.middlewares] [http.middlewares.testHeader.headers] @@ -62,6 +68,12 @@ spec: X-Custom-Response-Header: "" # Removes ``` +```yaml tab="Rancher" +labels: + - "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test" + - "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True" +``` + ```toml tab="File" [http.middlewares] [http.middlewares.testHeader.headers] @@ -94,6 +106,12 @@ spec: SSLRedirect: "true" ``` +```yaml tab="Rancher" +labels: + - "traefik.http.middlewares.testHeader.Headers.FrameDeny=true" + - "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true" +``` + ```toml tab="File" [http.middlewares] [http.middlewares.testHeader.headers] @@ -130,6 +148,14 @@ spec: AddVaryHeader: "true" ``` +```yaml tab="Rancher" +labels: + - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT" + - "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null" + - "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100" + - "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true" +``` + ```toml tab="File" [http.middlewares] [http.middlewares.testHeader.headers] diff --git a/docs/content/middlewares/ipwhitelist.md b/docs/content/middlewares/ipwhitelist.md index 358296fc9..01d4bf4a1 100644 --- a/docs/content/middlewares/ipwhitelist.md +++ b/docs/content/middlewares/ipwhitelist.md @@ -27,6 +27,12 @@ spec: - 192.168.1.7 ``` +```yaml tab="Rancher" +# Accepts request from defined IP +labels: +- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7" +``` + ```toml tab="File" # Accepts request from defined IP [http.middlewares] @@ -82,6 +88,13 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th depth: 2 ``` + ```yaml tab="Rancher" + # Whitelisting Based on `X-Forwarded-For` with `depth=2` + labels: + - "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" + ``` + ```toml tab="File" # Whitelisting Based on `X-Forwarded-For` with `depth=2` [http.middlewares] @@ -133,6 +146,12 @@ spec: - 192.168.1.7 ``` +```yaml tab="Rancher" +# Exclude from `X-Forwarded-For` +labels: + - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7" +``` + ```toml tab="File" # Exclude from `X-Forwarded-For` [http.middlewares] diff --git a/docs/content/middlewares/maxconnection.md b/docs/content/middlewares/maxconnection.md index e5811d5ec..86e3e0459 100644 --- a/docs/content/middlewares/maxconnection.md +++ b/docs/content/middlewares/maxconnection.md @@ -25,6 +25,12 @@ spec: prefix: /bar ``` +```yaml tab="Rancher" +# Limiting to 10 simultaneous connections +labels: +- "traefik.http.middlewares.test-maxconn.maxconn.amount=10" +``` + ```toml tab="File" # Limiting to 10 simultaneous connections [http.middlewares] diff --git a/docs/content/middlewares/passtlsclientcert.md b/docs/content/middlewares/passtlsclientcert.md index 451645d80..6be54cd0d 100644 --- a/docs/content/middlewares/passtlsclientcert.md +++ b/docs/content/middlewares/passtlsclientcert.md @@ -1,4 +1,4 @@ -# TODO - PassTLSClientCert +# PassTLSClientCert Adding Client Certificates in a Header {: .subtitle } @@ -27,6 +27,12 @@ spec: pem: true ``` +```yaml tab="Rancher" +# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +labels: +- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" +``` + ```toml tab="File" # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. [http.middlewares] @@ -88,6 +94,28 @@ spec: domainComponent: true ``` + ```yaml tab="Rancher" + # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header + labels: + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" + ``` + ```toml tab="File" # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header [http.middlewares] @@ -120,8 +148,8 @@ spec: PassTLSClientCert can add two headers to the request: -* `X-Forwarded-Tls-Client-Cert` that contains the escaped pem. -* `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string. +- `X-Forwarded-Tls-Client-Cert` that contains the escaped pem. +- `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string. !!! note The headers are filled with escaped string so it can be safely placed inside a URL query. @@ -235,6 +263,7 @@ In the following example, you can see a complete certificate. We will use each p ### `pem` The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escape certificate. + In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters : ??? example "The data used by the pem option" @@ -283,10 +312,16 @@ In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----E The delimiters and `\n` will be removed. If there are more than one certificate, they are separated by a "`;`". +!!! note "`X-Forwarded-Tls-Client-Cert` value could exceed the web server header size limit" + + The header size limit of web servers is commonly between 4kb and 8kb. + You could change the server configuration to allow bigger header or use the `info` option with the needed field(s). + ### `info` The `info` option select the specific client certificate details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. The value of the header will be an escaped concatenation of all the selected certificate details. + The following example shows an unescaped result that uses all the available fields: ```text @@ -300,6 +335,7 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO #### `info.notafter` Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part. + The data are taken from the following certificate part: ```text @@ -333,6 +369,7 @@ NB=1544094616 #### `info.sans` Set the `info.sans` option to `true` to add the `Subject Alternative Name` information from the `Subject Alternative Name` part. + The data are taken from the following certificate part: ```text diff --git a/docs/content/middlewares/ratelimit.md b/docs/content/middlewares/ratelimit.md index d431d5f68..33e2ee44f 100644 --- a/docs/content/middlewares/ratelimit.md +++ b/docs/content/middlewares/ratelimit.md @@ -1,4 +1,4 @@ -# TODO -- RateLimit +# RateLimit Protection from Too Many Calls {: .subtitle } @@ -9,38 +9,71 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r ## Configuration Example -??? example "Limit to 100 requests every 10 seconds (with a possible burst of 200)" - - ```toml - [http.middlewares] - [http.middlewares.fair-ratelimit.ratelimit] - extractorfunc = "client.ip" - - [http.middlewares.fair-ratelimit.ratelimit.rateset1] - period = "10s" - average = 100 - burst = 200 - ``` +```yaml tab="Docker" +# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. +# These can "burst" up to 10 and 200 in each period, respectively. +labels: +- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10" + +``` -??? example "Combine multiple limits" +```yaml tab="Kubernetes" +# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. +# These can "burst" up to 10 and 200 in each period, respectively. +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: test-ratelimit +spec: + rateLimit: + extractorfunc = "client.ip" + rate0: + period = "10s" + average = 100 + burst = 200 + rate1: + period = "3s" + average = 5 + burst = 10 +``` + +```yaml tab="Rancher" +# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. +# These can "burst" up to 10 and 200 in each period, respectively. +labels: +- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5" +- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10" + +``` + +```toml tab="File" +# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. +# These can "burst" up to 10 and 200 in each period, respectively. +[http.middlewares] + [http.middlewares.test-ratelimit.ratelimit] + extractorfunc = "client.ip" - ```toml - [http.middlewares] - [http.middlewares.fair-ratelimit.ratelimit] - extractorfunc = "client.ip" + [http.middlewares.test-ratelimit.ratelimit.rate0] + period = "10s" + average = 100 + burst = 200 - [http.middlewares.fair-ratelimit.ratelimit.rateset1] - period = "10s" - average = 100 - burst = 200 - - [http.middlewares.fair-ratelimit.ratelimit.rateset2] - period = "3s" - average = 5 - burst = 10 - ``` - - Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can "burst" up to 10 and 200 in each period, respectively. + [http.middlewares.test-ratelimit.ratelimit.rate1] + period = "3s" + average = 5 + burst = 10 +``` ## Configuration Options @@ -54,7 +87,7 @@ The possible values are: - `client.ip` categorizes requests based on the client ip. - `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value. -### `ratelimit` (multiple values) +### `ratelimit` You can combine multiple rate limits. The rate limit will trigger with the first reached limit. diff --git a/docs/content/middlewares/redirectregex.md b/docs/content/middlewares/redirectregex.md index 2c4b3460a..a59f50a89 100644 --- a/docs/content/middlewares/redirectregex.md +++ b/docs/content/middlewares/redirectregex.md @@ -1,4 +1,4 @@ -# TODO - RedirectRegex +# RedirectRegex Redirecting the Client to a Different Location {: .subtitle } @@ -28,6 +28,13 @@ spec: replacement: http://mydomain/$1 ``` +```yaml tab="Rancher" +# Redirect with domain replacement +labels: +- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" +- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1" +``` + ```toml tab="File" # Redirect with domain replacement [http.middlewares] @@ -44,7 +51,7 @@ Set the `permanent` option to `true` to apply a permanent redirection. ### `regex` -The `Regex` option is the regular expression to match and capture elements form the request URL. +The `Regex` option is the regular expression to match and capture elements from the request URL. !!! warning diff --git a/docs/content/middlewares/redirectscheme.md b/docs/content/middlewares/redirectscheme.md index 47adfec47..1515a5d1f 100644 --- a/docs/content/middlewares/redirectscheme.md +++ b/docs/content/middlewares/redirectscheme.md @@ -1,4 +1,4 @@ -# TODO - RedirectScheme +# RedirectScheme Redirecting the Client to a Different Scheme/Port {: .subtitle } @@ -26,6 +26,12 @@ spec: scheme: https ``` +```yaml tab="Rancher" +# Redirect to https +labels: +- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" +``` + ```toml tab="File" # Redirect to https [http.middlewares] diff --git a/docs/content/middlewares/replacepath.md b/docs/content/middlewares/replacepath.md index 1e66b6c18..d5522dd50 100644 --- a/docs/content/middlewares/replacepath.md +++ b/docs/content/middlewares/replacepath.md @@ -1,4 +1,4 @@ -# TODO -- ReplacePath +# ReplacePath Updating the Path Before Forwarding the Request {: .subtitle } @@ -26,6 +26,12 @@ spec: path: /foo ``` +```yaml tab="Rancher" +# Replace the path by /foo +labels: +- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" +``` + ```toml tab="File" # Replace the path by /foo [http.middlewares] @@ -39,8 +45,8 @@ spec: The ReplacePath middleware will: -* replace the actual path by the specified one. -* store the original path in a `X-Replaced-Path` header. +- replace the actual path by the specified one. +- store the original path in a `X-Replaced-Path` header. ### `path` diff --git a/docs/content/middlewares/replacepathregex.md b/docs/content/middlewares/replacepathregex.md index b12becada..4c70be132 100644 --- a/docs/content/middlewares/replacepathregex.md +++ b/docs/content/middlewares/replacepathregex.md @@ -1,4 +1,69 @@ -# TODO -- ReplacePathRegex +# ReplacePathRegex Updating the Path Before Forwarding the Request (Using a Regex) -{: .subtitle } \ No newline at end of file +{: .subtitle } + +`TODO: add schema` + +The ReplaceRegex replace a path from an url to another with regex matching and replacement. + +## Configuration Examples + +```yaml tab="Docker" +# Replace path with regex +labels: +- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" +- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" +``` + +```yaml tab="Kubernetes" +# Replace path with regex +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: test-replacepathregex +spec: + replacePathRegex: + regex: ^/foo/(.*) + replacement: /bar/$1 +``` + +```yaml tab="Rancher" +# Replace path with regex +labels: +- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" +- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" +``` + +```toml tab="File" +# Redirect with domain replacement +[http.middlewares] + [http.middlewares.test-replacepathregex.replacePathRegex] + regex = "^/foo/(.*)" + replacement = "/bar/$1" +``` + +## Configuration Options + +### General + +The ReplacePathRegex middleware will: + +- replace the matching path by the specified one. +- store the original path in a `X-Replaced-Path` header. + +### `regex` + +The `Regex` option is the regular expression to match and capture the path from the request URL. + +!!! warning + + Care should be taken when defining replacement expand variables: `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax. + +!!! tip + + Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2). + +### `replacement` + +The `replacement` option defines how to modify the path to have the new target path. diff --git a/docs/content/middlewares/retry.md b/docs/content/middlewares/retry.md index 3fe835ee4..1227eb0da 100644 --- a/docs/content/middlewares/retry.md +++ b/docs/content/middlewares/retry.md @@ -1,20 +1,48 @@ -# TODO -- Retry +# Retry Retrying until it Succeeds {: .subtitle } -## Old Content +`TODO: add schema` -## Retry Configuration +Retry to send request on attempt failure. -```toml -# Enable retry sending request if network error -[retry] +## Configuration Examples -# Number of attempts -# -# Optional -# Default: (number servers in backend) -1 -# -# attempts = 3 +```yaml tab="Docker" +# Retry to send request 4 times +labels: +- "traefik.http.middlewares.test-retry.retry.attempts=4" ``` + +```yaml tab="Kubernetes" +# Retry to send request 4 times +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: test-retry +spec: + retry: + attempts: 4 +``` + +```yaml tab="Rancher" +# Retry to send request 4 times +labels: +- "traefik.http.middlewares.test-retry.retry.attempts=4" +``` + +```toml tab="File" +# Retry to send request 4 times +[http.middlewares] + [http.middlewares.test-retry.Retry] + attempts = 4 +``` + +## Configuration Options + +### `attempts` + +_mandatory_ + +The `attempts` option defines how many times to try sending the request. \ No newline at end of file diff --git a/docs/content/middlewares/stripprefix.md b/docs/content/middlewares/stripprefix.md index 8d82ad0df..151f8d535 100644 --- a/docs/content/middlewares/stripprefix.md +++ b/docs/content/middlewares/stripprefix.md @@ -1,13 +1,66 @@ -# TODO -- StripPrefix +# StripPrefix Removing Prefixes From the Path Before Forwarding the Request {: .subtitle } -## OldContent - -Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix. -For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. -Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. +`TODO: add schema` + +Remove the specified prefixes from the URL path. + +## Configuration Examples + +```yaml tab="Docker" +# Replace the path by /foo +labels: +- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar" +``` + +```yaml tab="Kubernetes" +# Replace the path by /foo +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: test-stripprefix +spec: + StripPrefix: + prefixes: "foobar, fiibar" +``` + +```yaml tab="Rancher" +# Replace the path by /foo +labels: +- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar" +``` + +```toml tab="File" +# Replace the path by /foo +[http.middlewares] + [http.middlewares.test-stripprefix.StripPrefix] + prefixes: "foobar, fiibar" +``` + +## Configuration Options + +### General + +The StripPrefix middleware will: + +- strip the matching path prefix. +- store the matching path prefix in a `X-Forwarded-Prefix` header. + +!!! tip + + Use a `StripPrefix` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix. + +### `prefixes` + +The `prefixes` option defines the prefixes to strip from the request URL. + +For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`. + +Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. + If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). -The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically. + +The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically. diff --git a/docs/content/middlewares/stripprefixregex.md b/docs/content/middlewares/stripprefixregex.md index 4a7ca3ac7..e1f38db2f 100644 --- a/docs/content/middlewares/stripprefixregex.md +++ b/docs/content/middlewares/stripprefixregex.md @@ -1,13 +1,71 @@ -# TODO -- StripPrefix +# StripPrefix Removing Prefixes From the Path Before Forwarding the Request (Using a Regex) {: .subtitle } -## OldContent +`TODO: add schema` + +Remove the matching prefixes from the URL path. + +## Configuration Examples + +```yaml tab="Docker" +# Replace the path by /foo +labels: +- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)", +``` + +```yaml tab="Kubernetes" +# Replace the path by /foo +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: test-stripprefixregex +spec: + StripPrefixRegex: + regex: "^/foo/(.*)" +``` + +```yaml tab="Rancher" +# Replace the path by /foo +labels: +- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)", +``` + +```toml tab="File" +# Replace the path by /foo +[http.middlewares] + [http.middlewares.test-stripprefixregex.StripPrefixRegex] + regex: "^/foo/(.*)" +``` + +## Configuration Options + +### General + +The StripPrefixRegex middleware will: + +- strip the matching path prefix. +- store the matching path prefix in a `X-Forwarded-Prefix` header. + +!!! tip + + Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix. + +### `regex` + +The `regex` option is the regular expression to match the path prefix from the request URL. + +!!! tip + + Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2). + +For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`. -Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix. -For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. + If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. + Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). -The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically. + +The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically.