baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

fix(docker): whitelist on services.

Browse source
This commit is contained in:
Fernandez Ludovic 2017-12-19 23:56:26 +01:00 committed by Traefiker
parent 133aa77c21
commit dd7a8a9a87
3 changed files with 22 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/configuration/backends/docker.md
View file

@ -237,6 +237,7 @@ Services labels can be used for overriding default behaviour
| `traefik.<service-name>.frontend.redirect.regex=^http://localhost/(.*)` | Overrides `traefik.frontend.redirect.regex`. | | `traefik.<service-name>.frontend.redirect.regex=^http://localhost/(.*)` | Overrides `traefik.frontend.redirect.regex`. |
| `traefik.<service-name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`. | | `traefik.<service-name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`. |
| `traefik.<service-name>.frontend.rule` | Overrides `traefik.frontend.rule`. | | `traefik.<service-name>.frontend.rule` | Overrides `traefik.frontend.rule`. |
| `traefik.<service-name>.frontend.whitelistSourceRange:RANGE` | Overrides `traefik.frontend.whitelistSourceRange`. |
#### Security Headers #### Security Headers

37
provider/docker/config.go
View file

@ -105,24 +105,25 @@ func (p *Provider) buildConfiguration(containersInspected []dockerData) *types.C
"getServiceProtocol": getFuncServiceStringLabel(label.SuffixProtocol, label.DefaultProtocol), "getServiceProtocol": getFuncServiceStringLabel(label.SuffixProtocol, label.DefaultProtocol),
"getServiceWeight": getFuncServiceStringLabel(label.SuffixWeight, label.DefaultWeight), "getServiceWeight": getFuncServiceStringLabel(label.SuffixWeight, label.DefaultWeight),
// Services - Frontend functions // Services - Frontend functions
"getServiceEntryPoints": getFuncServiceSliceStringLabel(label.SuffixFrontendEntryPoints), "getServiceEntryPoints": getFuncServiceSliceStringLabel(label.SuffixFrontendEntryPoints),
"getServiceBasicAuth": getFuncServiceSliceStringLabel(label.SuffixFrontendAuthBasic), "getServiceWhitelistSourceRange": getFuncServiceSliceStringLabel(label.TraefikFrontendWhitelistSourceRange),
"getServiceFrontendRule": p.getServiceFrontendRule, "getServiceBasicAuth": getFuncServiceSliceStringLabel(label.SuffixFrontendAuthBasic),
"getServicePassHostHeader": getFuncServiceStringLabel(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeader), "getServiceFrontendRule": p.getServiceFrontendRule,
"getServicePassTLSCert": getFuncServiceBoolLabel(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert), "getServicePassHostHeader": getFuncServiceStringLabel(label.SuffixFrontendPassHostHeader, label.DefaultPassHostHeader),
"getServicePriority": getFuncServiceStringLabel(label.SuffixFrontendPriority, label.DefaultFrontendPriority), "getServicePassTLSCert": getFuncServiceBoolLabel(label.SuffixFrontendPassTLSCert, label.DefaultPassTLSCert),
"hasServiceRedirect": hasServiceRedirect, "getServicePriority": getFuncServiceStringLabel(label.SuffixFrontendPriority, label.DefaultFrontendPriority),
"getServiceRedirectEntryPoint": getFuncServiceStringLabel(label.SuffixFrontendRedirectEntryPoint, label.DefaultFrontendRedirectEntryPoint), "hasServiceRedirect": hasServiceRedirect,
"getServiceRedirectReplacement": getFuncServiceStringLabel(label.SuffixFrontendRedirectReplacement, ""), "getServiceRedirectEntryPoint": getFuncServiceStringLabel(label.SuffixFrontendRedirectEntryPoint, label.DefaultFrontendRedirectEntryPoint),
"getServiceRedirectRegex": getFuncServiceStringLabel(label.SuffixFrontendRedirectRegex, ""), "getServiceRedirectReplacement": getFuncServiceStringLabel(label.SuffixFrontendRedirectReplacement, ""),
"hasServiceRequestHeaders": hasFuncServiceLabel(label.SuffixFrontendRequestHeaders), "getServiceRedirectRegex": getFuncServiceStringLabel(label.SuffixFrontendRedirectRegex, ""),
"getServiceRequestHeaders": getFuncServiceMapLabel(label.SuffixFrontendRequestHeaders), "hasServiceRequestHeaders": hasFuncServiceLabel(label.SuffixFrontendRequestHeaders),
"hasServiceResponseHeaders": hasFuncServiceLabel(label.SuffixFrontendResponseHeaders), "getServiceRequestHeaders": getFuncServiceMapLabel(label.SuffixFrontendRequestHeaders),
"getServiceResponseHeaders": getFuncServiceMapLabel(label.SuffixFrontendResponseHeaders), "hasServiceResponseHeaders": hasFuncServiceLabel(label.SuffixFrontendResponseHeaders),
"hasServiceErrorPages": hasServiceErrorPages, "getServiceResponseHeaders": getFuncServiceMapLabel(label.SuffixFrontendResponseHeaders),
"getServiceErrorPages": getServiceErrorPages, "hasServiceErrorPages": hasServiceErrorPages,
"hasServiceRateLimits": hasFuncServiceLabel(label.SuffixFrontendRateLimitExtractorFunc), "getServiceErrorPages": getServiceErrorPages,
"getServiceRateLimits": getServiceRateLimits, "hasServiceRateLimits": hasFuncServiceLabel(label.SuffixFrontendRateLimitExtractorFunc),
"getServiceRateLimits": getServiceRateLimits,
} }
// filter containers // filter containers
filteredContainers := fun.Filter(func(container dockerData) bool { filteredContainers := fun.Filter(func(container dockerData) bool {

4
templates/docker.tmpl
View file

@ -66,8 +66,8 @@
"{{.}}", "{{.}}",
{{end}}] {{end}}]
{{if getWhitelistSourceRange $container}} {{if getServiceWhitelistSourceRange $container $serviceName}}
whitelistSourceRange = [{{range getWhitelistSourceRange $container}} whitelistSourceRange = [{{range getServiceWhitelistSourceRange $container $serviceName}}
"{{.}}", "{{.}}",
{{end}}] {{end}}]
{{end}} {{end}}