fix(docker): whitelist on services.

2017-12-19 23:56:26 +01:00 · 2017-12-19 23:56:26 +01:00 · dd7a8a9a87
parent 133aa77c21
commit dd7a8a9a87
3 changed files with 22 additions and 20 deletions
--- a/docs/configuration/backends/docker.md
+++ b/docs/configuration/backends/docker.md
@ -237,6 +237,7 @@ Services labels can be used for overriding default behaviour
 | `traefik.<service-name>.frontend.redirect.regex=^http://localhost/(.*)`   | Overrides `traefik.frontend.redirect.regex`.                                                     |
 | `traefik.<service-name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`.                                               |
 | `traefik.<service-name>.frontend.rule`                                    | Overrides `traefik.frontend.rule`.                                                               |
+| `traefik.<service-name>.frontend.whitelistSourceRange:RANGE`              | Overrides `traefik.frontend.whitelistSourceRange`.                                               |

 #### Security Headers

--- a/provider/docker/config.go
+++ b/provider/docker/config.go
@ -105,24 +105,25 @@ func (p *Provider) buildConfiguration(containersInspected []dockerData) *types.C
 		"getServiceProtocol": getFuncServiceStringLabel(label.SuffixProtocol, label.DefaultProtocol),
 		"getServiceWeight":   getFuncServiceStringLabel(label.SuffixWeight, label.DefaultWeight),
 		// Services - Frontend functions
-		"getServiceEntryPoints":         getFuncServiceSliceStringLabel(label.SuffixFrontendEntryPoints),
-		"getServiceBasicAuth":           getFuncServiceSliceStringLabel(label.SuffixFrontendAuthBasic),
-		"getServiceFrontendRule":        p.getServiceFrontendRule,
-		"getServicePassHostHeader":      getFuncServiceStringLabel(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeader),
-		"getServicePassTLSCert":         getFuncServiceBoolLabel(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert),
-		"getServicePriority":            getFuncServiceStringLabel(label.SuffixFrontendPriority, label.DefaultFrontendPriority),
-		"hasServiceRedirect":            hasServiceRedirect,
-		"getServiceRedirectEntryPoint":  getFuncServiceStringLabel(label.SuffixFrontendRedirectEntryPoint, label.DefaultFrontendRedirectEntryPoint),
-		"getServiceRedirectReplacement": getFuncServiceStringLabel(label.SuffixFrontendRedirectReplacement, ""),
-		"getServiceRedirectRegex":       getFuncServiceStringLabel(label.SuffixFrontendRedirectRegex, ""),
-		"hasServiceRequestHeaders":      hasFuncServiceLabel(label.SuffixFrontendRequestHeaders),
-		"getServiceRequestHeaders":      getFuncServiceMapLabel(label.SuffixFrontendRequestHeaders),
-		"hasServiceResponseHeaders":     hasFuncServiceLabel(label.SuffixFrontendResponseHeaders),
-		"getServiceResponseHeaders":     getFuncServiceMapLabel(label.SuffixFrontendResponseHeaders),
-		"hasServiceErrorPages":          hasServiceErrorPages,
-		"getServiceErrorPages":          getServiceErrorPages,
-		"hasServiceRateLimits":          hasFuncServiceLabel(label.SuffixFrontendRateLimitExtractorFunc),
-		"getServiceRateLimits":          getServiceRateLimits,
+		"getServiceEntryPoints":          getFuncServiceSliceStringLabel(label.SuffixFrontendEntryPoints),
+		"getServiceWhitelistSourceRange": getFuncServiceSliceStringLabel(label.TraefikFrontendWhitelistSourceRange),
+		"getServiceBasicAuth":            getFuncServiceSliceStringLabel(label.SuffixFrontendAuthBasic),
+		"getServiceFrontendRule":         p.getServiceFrontendRule,
+		"getServicePassHostHeader":       getFuncServiceStringLabel(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeader),
+		"getServicePassTLSCert":          getFuncServiceBoolLabel(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert),
+		"getServicePriority":             getFuncServiceStringLabel(label.SuffixFrontendPriority, label.DefaultFrontendPriority),
+		"hasServiceRedirect":             hasServiceRedirect,
+		"getServiceRedirectEntryPoint":   getFuncServiceStringLabel(label.SuffixFrontendRedirectEntryPoint, label.DefaultFrontendRedirectEntryPoint),
+		"getServiceRedirectReplacement":  getFuncServiceStringLabel(label.SuffixFrontendRedirectReplacement, ""),
+		"getServiceRedirectRegex":        getFuncServiceStringLabel(label.SuffixFrontendRedirectRegex, ""),
+		"hasServiceRequestHeaders":       hasFuncServiceLabel(label.SuffixFrontendRequestHeaders),
+		"getServiceRequestHeaders":       getFuncServiceMapLabel(label.SuffixFrontendRequestHeaders),
+		"hasServiceResponseHeaders":      hasFuncServiceLabel(label.SuffixFrontendResponseHeaders),
+		"getServiceResponseHeaders":      getFuncServiceMapLabel(label.SuffixFrontendResponseHeaders),
+		"hasServiceErrorPages":           hasServiceErrorPages,
+		"getServiceErrorPages":           getServiceErrorPages,
+		"hasServiceRateLimits":           hasFuncServiceLabel(label.SuffixFrontendRateLimitExtractorFunc),
+		"getServiceRateLimits":           getServiceRateLimits,
 	}
 	// filter containers
 	filteredContainers := fun.Filter(func(container dockerData) bool {
--- a/templates/docker.tmpl
+++ b/templates/docker.tmpl
@ -66,8 +66,8 @@
      "{{.}}",
      {{end}}]

-    {{if getWhitelistSourceRange $container}}
-    whitelistSourceRange = [{{range getWhitelistSourceRange $container}}
+    {{if getServiceWhitelistSourceRange $container $serviceName}}
+    whitelistSourceRange = [{{range getServiceWhitelistSourceRange $container $serviceName}}
      "{{.}}",
      {{end}}]
    {{end}}