Use traefik RedirectRegex globally - docker

I'm aware of the fact that the regex middleware can be used as a docker-compose label and be externally configured in, for example, a Traefik dynamic file.
What I want to achieve is the same behavior on a global scale, which means all requests coming into Traefik on example.de should be redirected to example.com.
example.de/start -> example.com/start
Is there a way I can achieve this redirection behavior without specifying the middleware in every single docker-compose file?
docker-compose.yml

    - traefik.http.routers.test.middlewares=test-de-redirect@file

traefik_dynamic.yml

    http:
      middlewares:
        test-de-redirect:
          redirectRegex:
            regex: "https://(.*)?example.de(.*)"
            replacement: "https://${1}example.com${2}"

RedirectRegex
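
An added example, not part of the original question and not Traefik's own code: the posted pattern is unanchored and leaves its dots unescaped, which matters more once the redirect applies to every request. The Go sketch below (Traefik patterns use Go regexp syntax) runs the posted pattern and an assumed stricter one, `strictPattern`, over constructed URLs; `redirectTarget` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"regexp"
)

// Pattern and replacement as posted in traefik_dynamic.yml.
const postedPattern = `https://(.*)?example.de(.*)`
const replacement = `https://${1}example.com${2}`

// Assumed stricter pattern (not from the post): anchored, dots escaped,
// and the prefix limited to subdomain labels.
const strictPattern = `^https://((?:[a-z0-9-]+\.)*)example\.de(/.*)?$`

// redirectTarget returns the rewritten URL and true when pattern matches
// url, or "" and false when the request would pass through unredirected.
func redirectTarget(pattern, url string) (string, bool) {
	re := regexp.MustCompile(pattern)
	if !re.MatchString(url) {
		return "", false
	}
	return re.ReplaceAllString(url, replacement), true
}

func main() {
	urls := []string{ // constructed request URLs
		"https://www.example.de/start",
		"https://examplexde.test/start",
		"https://other.test/?next=example.de/start",
	}
	for _, u := range urls {
		posted, _ := redirectTarget(postedPattern, u)
		strict, _ := redirectTarget(strictPattern, u)
		fmt.Printf("%s\n  posted: %q\n  strict: %q\n", u, posted, strict)
	}
}
```

With the posted pattern, a request for an unrelated host or a URL that merely contains the string in its query is rewritten as well; the stricter pattern redirects only example.de and its subdomains.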

Related

Configure `:path` header for envoy ratelimiting

I'm trying to use envoy ratelimiting functionality and need to ratelimit based on the entire url in my request, e.g. https://myenvoy.com/path/to/smth
Here is a part of my envoy.yaml

    routes:
    - match: { prefix: "/" }
      route:
        cluster: backend
        rate_limits:
        - stage: 0
          actions:
          - {request_headers: {header_name: ":path", descriptor_key: "path"}}

When I run

    curl -k https://myenvoy.com/path/to/smth

The above configuration creates descriptor value /path/to/smth whereas I would like to have descriptor of value https://myenvoy.com/path/to/smth
Is it possible to configure that with envoy?
Thank you
PS: I looked at these header values and tried to use some, but it didn't help
https://github.com/envoyproxy/envoy/blob/master/source/common/http/headers.h
From further investigation,

    - {request_headers: {header_name: "host", descriptor_key: "host"}}

does the job

SpringDoc/Swagger behind an nginx proxy

We are running a service behind an nginx proxy so that:
http://service-post:8080/swagger-ui.html is routed to public address https://host.com/services/post/swagger-ui.html
Or to define from the other way:
When nginx receives request on https://host.com/services/post/swagger-ui.html, it strips the /services/post/ prefix and passes the request to the post service on /swagger-ui.html path.
Before setting up anything (with default SpringDoc configuration) I can correctly see the swagger docs on http://service-post:8080/swagger-ui.html.
To set the paths for the public address on host.com, I am using:

    springdoc.api-docs.path: /services/post/api-docs
    springdoc.swagger-ui.path: /services/post/swagger-ui.html
    springdoc.swagger-ui.configUrl: /services/post/v3/api-docs/swagger-config

However it seems that this breaks it completely:
/swagger-ui.html, /api-docs and /v3/api-docs/swagger-config return 404 both for service-post:8080/* and https://host.com/services/post/*
Only thing that seems to work is https://host.com/services/post/swagger-ui/index.html which shows the petstore documentation.
We are not using Spring Boot, just Spring MVC of version 5.3.1.
So how do I set up to keep the handling of the original paths (eg. /api-docs), but performing the lookup on the prefixed path (/services/post/api-docs)?
In the end I completely ignored the default redirect:

    swagger-ui.html -> swagger-ui/index.html?url=/v3/api-docs

And implemented my own one:

    docs -> swagger-ui/index.html?url=MY_PREFIX/v3/api-docs

This way I don't need to change anything and everything works with default settings.
It's all documented here:
https://springdoc.org/index.html#how-can-i-deploy-springdoc-openapi-ui-behind-a-reverse-proxy
If you are not using spring-boot, you can add the ForwardedHeaderFilter bean:
https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/ForwardedHeaderFilter.html

Is it possible to set the Micronaut OAuth2 callback-uri as an absolute URL?

I have a Micronaut web-app that uses OpenId / OAuth2 / JWT. In some environments, everything works really well with this set up, however, in other environments, auth fails during the step where the configured callback-uri is called. For some reason, in these environments, the URL generated is "http" instead of "https". This causes the call to fail since my application is only accessible over https.
I have no clue why it is trying to use http in the first place, however, if I was able to specify the callback-uri as an absolute / full URL, then I could probably work around this anomaly in these environments.
An example yml config that I use:

    application:
      name: xxxxx
    security:
      authentication: idtoken
      oauth2:
        enabled: true
        clients:
          azure:
            client-id: ${OAUTH_CLIENT_ID}
            client-secret: ${OAUTH_CLIENT_SECRET}
            openid:
              issuer: https://login.microsoftonline.com/xxx
        callback-uri: ${OAUTH_CALLBACK_URI}
      redirect:
        login-success: ${LOGIN_SUCCESS_URL}
        logout: '/logout-handler/logout-success'
      endpoints:
        logout:
          get-allowed: true
      token:
        jwt:
          cookie:
            cookie-same-site: none
            cookie-secure: true

In this config if I set the callback-uri environment variable (OAUTH_CALLBACK_URI) to /oauth/callback/azure, for example, then the full URL that seems to be used is http://xxxxx/oauth/callback/azure. However, if I use a full URL for the environment variable, e.g. https://xxxxx/oauth/callback/azure then the full URL it uses still appends that as opposed to using it as an absolute URL, i.e. http://xxxxx/https://xxxxx/oauth/callback/azure.
Is it possible to specify this uri as an absolute one and not have it append it like the above effectively duplicating it?
Good news. This was fixed in micronaut-security 2.3.4
https://github.com/micronaut-projects/micronaut-security/pull/644

Blazor run in Docker, how to get client IP?

    string loginip = Request.Headers["X-Forwarded-For"].FirstOrDefault(); // gets nothing
    string loginip = HttpContext.Connection.RemoteIpAddress?.ToString(); // gets nothing, only the Docker IP

Is there any other way?
You're on the right track where you're using the X-Forwarded-For.
It's the responsibility of the process that's forwarding the HTTP Request to the container to add the value(s) to that header.
This normally involves using a reverse proxy such as nginx.
https://www.thepolyglotdeveloper.com/2017/03/nginx-reverse-proxy-containerized-docker-applications/
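
An added example, not from the original answer: once a proxy supplies X-Forwarded-For, the application should accept the header only from that proxy, because a client can send the header too. The Go sketch below picks the client address under the assumption that the proxy connects from the Docker bridge range 172.17.0.0/16; `clientIP`, `inNets` and that range are illustrative.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed value: the Docker bridge range the reverse proxy connects from.
var _, dockerBridge, _ = net.ParseCIDR("172.17.0.0/16")

// inNets reports whether s is an IP address inside any of the networks.
func inNets(s string, nets []*net.IPNet) bool {
	ip := net.ParseIP(s)
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// clientIP picks the address to record for a request. peer is the TCP peer
// (what RemoteIpAddress reports), xff the raw X-Forwarded-For value, and
// trusted the networks of proxies allowed to supply that header.
func clientIP(peer, xff string, trusted []*net.IPNet) string {
	if !inNets(peer, trusted) {
		return peer // sender is not our proxy, so the header is just client input
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- { // right to left: proxies append
		hop := strings.TrimSpace(hops[i])
		if net.ParseIP(hop) == nil {
			break // empty or malformed entry: fall back to the peer
		}
		if !inNets(hop, trusted) {
			return hop // rightmost address that is not one of our proxies
		}
	}
	return peer
}

func main() {
	proxies := []*net.IPNet{dockerBridge}
	// Constructed headers: a client-supplied entry followed by the proxy's.
	fmt.Println(clientIP("172.17.0.1", "10.0.0.1, 203.0.113.7", proxies))
	fmt.Println(clientIP("172.17.0.1", "", proxies)) // header missing
}
```

In ASP.NET Core the same policy is expressed through the Forwarded Headers middleware's KnownProxies and KnownNetworks options.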

Heroku custom domain - how to make it so that no one knows it's forwarding?

I have an app with normal Heroku name (my-app433.heroku.com)
And I've added the custom domain (www.mywebsite.com)
It's simple "forwarding with masking" (www.mywebsite.com points to my-app433.heroku.com - like Heroku suggests).
But I don't like that when I go to www.mywebsite.com - the http headers say 302 Found - my-app433.heroku.com and then gives all the content.
Is there a way to hide the fact that it's forwarding?
(I'd like to get a simple 200 OK as if www.mywebsite.com is a direct domain).
Unless you have a reason not to, I'd switch from "forwarding with masking" to sending the traffic directly to Heroku using a CNAME record in your DNS.
That's how I'm doing it on my site if you want to compare:

    > nslookup www.toxinless.com
    ...
    www.toxinless.com canonical name = toxinless.herokuapp.com.
    ...
    > curl http://www.toxinless.com -I
    ...
    HTTP/1.1 200 OK
    ...
