253 lines
8.2 KiB
Go
253 lines
8.2 KiB
Go
package config
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"reflect"
|
|
|
|
traefiktls "github.com/containous/traefik/pkg/tls"
|
|
)
|
|
|
|
// Router holds the router configuration.
|
|
type Router struct {
|
|
EntryPoints []string `json:"entryPoints"`
|
|
Middlewares []string `json:"middlewares,omitempty" toml:",omitempty"`
|
|
Service string `json:"service,omitempty" toml:",omitempty"`
|
|
Rule string `json:"rule,omitempty" toml:",omitempty"`
|
|
Priority int `json:"priority,omitempty" toml:"priority,omitzero"`
|
|
TLS *RouterTLSConfig `json:"tls,omitempty" toml:"tls,omitzero" label:"allowEmpty"`
|
|
}
|
|
|
|
// RouterTLSConfig holds the TLS configuration for a router
|
|
type RouterTLSConfig struct {
|
|
Options string `json:"options,omitempty" toml:"options,omitzero"`
|
|
}
|
|
|
|
// TCPRouter holds the router configuration.
|
|
type TCPRouter struct {
|
|
EntryPoints []string `json:"entryPoints"`
|
|
Service string `json:"service,omitempty" toml:",omitempty"`
|
|
Rule string `json:"rule,omitempty" toml:",omitempty"`
|
|
TLS *RouterTCPTLSConfig `json:"tls,omitempty" toml:"tls,omitzero" label:"allowEmpty"`
|
|
}
|
|
|
|
// RouterTCPTLSConfig holds the TLS configuration for a router
|
|
type RouterTCPTLSConfig struct {
|
|
Passthrough bool `json:"passthrough" toml:"passthrough,omitzero"`
|
|
Options string `json:"options,omitempty" toml:"options,omitzero"`
|
|
}
|
|
|
|
// LoadBalancerService holds the LoadBalancerService configuration.
|
|
type LoadBalancerService struct {
|
|
Stickiness *Stickiness `json:"stickiness,omitempty" toml:",omitempty" label:"allowEmpty"`
|
|
Servers []Server `json:"servers,omitempty" toml:",omitempty" label-slice-as-struct:"server"`
|
|
HealthCheck *HealthCheck `json:"healthCheck,omitempty" toml:",omitempty"`
|
|
PassHostHeader bool `json:"passHostHeader" toml:",omitempty"`
|
|
ResponseForwarding *ResponseForwarding `json:"forwardingResponse,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// TCPLoadBalancerService holds the LoadBalancerService configuration.
|
|
type TCPLoadBalancerService struct {
|
|
Servers []TCPServer `json:"servers,omitempty" toml:",omitempty" label-slice-as-struct:"server"`
|
|
}
|
|
|
|
// Mergeable tells if the given service is mergeable.
|
|
func (l *TCPLoadBalancerService) Mergeable(loadBalancer *TCPLoadBalancerService) bool {
|
|
savedServers := l.Servers
|
|
defer func() {
|
|
l.Servers = savedServers
|
|
}()
|
|
l.Servers = nil
|
|
|
|
savedServersLB := loadBalancer.Servers
|
|
defer func() {
|
|
loadBalancer.Servers = savedServersLB
|
|
}()
|
|
loadBalancer.Servers = nil
|
|
|
|
return reflect.DeepEqual(l, loadBalancer)
|
|
}
|
|
|
|
// Mergeable tells if the given service is mergeable.
|
|
func (l *LoadBalancerService) Mergeable(loadBalancer *LoadBalancerService) bool {
|
|
savedServers := l.Servers
|
|
defer func() {
|
|
l.Servers = savedServers
|
|
}()
|
|
l.Servers = nil
|
|
|
|
savedServersLB := loadBalancer.Servers
|
|
defer func() {
|
|
loadBalancer.Servers = savedServersLB
|
|
}()
|
|
loadBalancer.Servers = nil
|
|
|
|
return reflect.DeepEqual(l, loadBalancer)
|
|
}
|
|
|
|
// SetDefaults Default values for a LoadBalancerService.
|
|
func (l *LoadBalancerService) SetDefaults() {
|
|
l.PassHostHeader = true
|
|
}
|
|
|
|
// ResponseForwarding holds configuration for the forward of the response.
|
|
type ResponseForwarding struct {
|
|
FlushInterval string `json:"flushInterval,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// Stickiness holds the stickiness configuration.
|
|
type Stickiness struct {
|
|
CookieName string `json:"cookieName,omitempty" toml:",omitempty"`
|
|
SecureCookie bool `json:"secureCookie,omitempty" toml:",omitempty"`
|
|
HTTPOnlyCookie bool `json:"httpOnlyCookie,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// Server holds the server configuration.
|
|
type Server struct {
|
|
URL string `json:"url" label:"-"`
|
|
Scheme string `toml:"-" json:"-"`
|
|
Port string `toml:"-" json:"-"`
|
|
}
|
|
|
|
// TCPServer holds a TCP Server configuration
|
|
type TCPServer struct {
|
|
Address string `json:"address" label:"-"`
|
|
Port string `toml:"-" json:"-"`
|
|
}
|
|
|
|
// SetDefaults Default values for a Server.
|
|
func (s *Server) SetDefaults() {
|
|
s.Scheme = "http"
|
|
}
|
|
|
|
// HealthCheck holds the HealthCheck configuration.
|
|
type HealthCheck struct {
|
|
Scheme string `json:"scheme,omitempty" toml:",omitempty"`
|
|
Path string `json:"path,omitempty" toml:",omitempty"`
|
|
Port int `json:"port,omitempty" toml:",omitempty,omitzero"`
|
|
// FIXME change string to types.Duration
|
|
Interval string `json:"interval,omitempty" toml:",omitempty"`
|
|
// FIXME change string to types.Duration
|
|
Timeout string `json:"timeout,omitempty" toml:",omitempty"`
|
|
Hostname string `json:"hostname,omitempty" toml:",omitempty"`
|
|
Headers map[string]string `json:"headers,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// CreateTLSConfig creates a TLS config from ClientTLS structures.
|
|
func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
|
|
if clientTLS == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
var err error
|
|
caPool := x509.NewCertPool()
|
|
clientAuth := tls.NoClientCert
|
|
if clientTLS.CA != "" {
|
|
var ca []byte
|
|
if _, errCA := os.Stat(clientTLS.CA); errCA == nil {
|
|
ca, err = ioutil.ReadFile(clientTLS.CA)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to read CA. %s", err)
|
|
}
|
|
} else {
|
|
ca = []byte(clientTLS.CA)
|
|
}
|
|
|
|
if !caPool.AppendCertsFromPEM(ca) {
|
|
return nil, fmt.Errorf("failed to parse CA")
|
|
}
|
|
|
|
if clientTLS.CAOptional {
|
|
clientAuth = tls.VerifyClientCertIfGiven
|
|
} else {
|
|
clientAuth = tls.RequireAndVerifyClientCert
|
|
}
|
|
}
|
|
|
|
cert := tls.Certificate{}
|
|
_, errKeyIsFile := os.Stat(clientTLS.Key)
|
|
|
|
if !clientTLS.InsecureSkipVerify && (len(clientTLS.Cert) == 0 || len(clientTLS.Key) == 0) {
|
|
return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
|
|
}
|
|
|
|
if len(clientTLS.Cert) > 0 && len(clientTLS.Key) > 0 {
|
|
if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil {
|
|
if errKeyIsFile == nil {
|
|
cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to load TLS keypair: %v", err)
|
|
}
|
|
} else {
|
|
return nil, fmt.Errorf("tls cert is a file, but tls key is not")
|
|
}
|
|
} else {
|
|
if errKeyIsFile != nil {
|
|
cert, err = tls.X509KeyPair([]byte(clientTLS.Cert), []byte(clientTLS.Key))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to load TLS keypair: %v", err)
|
|
|
|
}
|
|
} else {
|
|
return nil, fmt.Errorf("TLS key is a file, but tls cert is not")
|
|
}
|
|
}
|
|
}
|
|
|
|
return &tls.Config{
|
|
Certificates: []tls.Certificate{cert},
|
|
RootCAs: caPool,
|
|
InsecureSkipVerify: clientTLS.InsecureSkipVerify,
|
|
ClientAuth: clientAuth,
|
|
}, nil
|
|
}
|
|
|
|
// Message holds configuration information exchanged between parts of traefik.
|
|
type Message struct {
|
|
ProviderName string
|
|
Configuration *Configuration
|
|
}
|
|
|
|
// Configuration is the root of the dynamic configuration
|
|
type Configuration struct {
|
|
HTTP *HTTPConfiguration
|
|
TCP *TCPConfiguration
|
|
TLS *TLSConfiguration
|
|
}
|
|
|
|
// TLSConfiguration contains all the configuration parameters of a TLS connection.
|
|
type TLSConfiguration struct {
|
|
Certificates []*traefiktls.CertAndStores `json:"-" label:"-" yaml:"certificates"`
|
|
Options map[string]traefiktls.Options
|
|
Stores map[string]traefiktls.Store
|
|
}
|
|
|
|
// Configurations is for currentConfigurations Map.
|
|
type Configurations map[string]*Configuration
|
|
|
|
// HTTPConfiguration contains all the HTTP configuration parameters.
|
|
type HTTPConfiguration struct {
|
|
Routers map[string]*Router `json:"routers,omitempty" toml:",omitempty"`
|
|
Middlewares map[string]*Middleware `json:"middlewares,omitempty" toml:",omitempty"`
|
|
Services map[string]*Service `json:"services,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// TCPConfiguration contains all the TCP configuration parameters.
|
|
type TCPConfiguration struct {
|
|
Routers map[string]*TCPRouter `json:"routers,omitempty" toml:",omitempty"`
|
|
Services map[string]*TCPService `json:"services,omitempty" toml:",omitempty"`
|
|
}
|
|
|
|
// Service holds a service configuration (can only be of one type at the same time).
|
|
type Service struct {
|
|
LoadBalancer *LoadBalancerService `json:"loadbalancer,omitempty" toml:",omitempty,omitzero"`
|
|
}
|
|
|
|
// TCPService holds a tcp service configuration (can only be of one type at the same time).
|
|
type TCPService struct {
|
|
LoadBalancer *TCPLoadBalancerService `json:"loadbalancer,omitempty" toml:",omitempty,omitzero"`
|
|
}
|