I am using Traefik v2 and I would like to write a rule to apply headers if the Client IP is a specific one. This rule must apply to all proxied services and I wonder if I can define this rule only once in the yaml file.
The rule should be something like:
http:
  routers:
    from-legacy-client:
      entryPoints:
        - web
      rule: ClientIP(`192.168.1.1`)
      middlewares:
        - legacy-headers
  middlewares:
    legacy-headers:
      headers:
        customRequestHeaders:
          X-dco-role: "DCO"
I know it currently does not work because I have not defined the destination service. Is it possible to "wildcard" the involved services, meaning "all services"?
Related
I'm trying to set up an application gateway in front of my two app services, which are APIs sitting in a separate subnet of their own.
Let's say API1 and API2.
I have exposed the app services only to be accessed using a private endpoint within a VNET.
The following is my setup with the application gateway:
Have created two backend pools as below:
i) API1 -> App services pointing to API1
ii) API2 -> App services pointing to API2
Have mapped the front-end IP to the public IP of the gateway
Have created an HTTPS inbound listener
i) Port: 443
ii) FrontendIP: Public IP of the gateway
iii) Have added my wild card certificate
iv) Listener type: Multi site
v) Host type: Single
vi) Domain name: MyDomain.com
Have associated a rule to my listener to map the backend path based rule as below,
To test, in my Windows hosts file I have added my public IP to the hostname created in my listener:
13.xx.xx.xx MyDomain.com
Now to test my routing logic, my default backend target is API1, where if I use mydomain.com/api2/ I suppose it would load the API2 response. But the following is happening for me:
MyDomain.com/ -> Loads the default API response
MyDomain.com/API1/ -> Gives HTTP 404 error response (Expected: Loads API1 response)
MyDomain.com/API2/ -> Gives HTTP 404 error response (Expected: Loads API2 response)
Please let me know if anyone can share input on what I am missing here to get this sorted.
I'm currently trying to get Traefik to use multiple routers and services on a single container, which isn't working, and I don't know if this is intended at all.
Why?
Specifically, I'm using a GitLab Omnibus container and wanted to use / access multiple services inside the Omnibus container, since GitLab is providing not only "the GitLab website" with it.
What did I try?
I simply tried adding another router to my docker compose file via labels.
This is what I have:
labels:
  - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)"
  - "traefik.http.services.gitlab.loadbalancer.server.port=80"
This is what I want:
labels:
  - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)"
  - "traefik.http.services.gitlab.loadbalancer.server.port=80"
  - "traefik.http.routers.registry.rule=Host(`registry.gitlab.example.com`)"
  - "traefik.http.services.registry.loadbalancer.server.port=5000"
This doesn't work since Traefik is probably getting confused about what to route to which service, and I couldn't find a mechanism that tells Traefik exactly which router goes to which service in a case like this.
Is this even possible or am I just missing a little bit of Traefik magic?
I found the solution to my question.
There's indeed a little bit I missed:
traefik.http.routers.myRouter.service=myService
With this label I can point a router to a specific service and should be able to add multiple services to one container:
labels:
  - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)"
  - "traefik.http.routers.gitlab.service=gitlab"
  - "traefik.http.services.gitlab.loadbalancer.server.port=80"
  - "traefik.http.routers.registry.rule=Host(`registry.gitlab.example.com`)"
  - "traefik.http.routers.registry.service=registry"
  - "traefik.http.services.registry.loadbalancer.server.port=5000"
Here each router is pointed to a specific service explicitly, which normally happens implicitly.
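A pre-deployment check for the situation described above, added here as an example and not part of the original post or of Traefik: it reads one container's labels and reports routers that have no explicit `service` label while more than one service is defined, or that name a service the labels do not define. The function names `parse_labels` and `lint` are hypothetical; the sample labels are the ones from the post.

```python
import re
from collections import defaultdict

# traefik.http.routers.<name>.<option>=<value> / traefik.http.services.<name>.<option>=<value>
LABEL_RE = re.compile(r"^traefik\.http\.(routers|services)\.([^.=]+)\.([^=]+)=(.*)$")

def parse_labels(labels):
    """Return ({router: {option: value}}, {service names}) for one container."""
    routers, services = defaultdict(dict), set()
    for raw in labels:
        m = LABEL_RE.match(raw.strip().strip('"'))
        if not m:
            continue  # e.g. traefik.enable=true
        kind, name, option, value = m.groups()
        if kind == "routers":
            routers[name][option] = value
        else:
            services.add(name)
    return dict(routers), services

def lint(labels):
    """Flag routers whose target service is ambiguous or undefined."""
    routers, services = parse_labels(labels)
    findings = []
    for name, opts in routers.items():
        target = opts.get("service")
        if target is None and len(services) > 1:
            findings.append(f"router '{name}': no explicit service, "
                            f"{len(services)} services on this container")
        elif target and "@" not in target and target not in services:
            # Assumption: a name without @provider refers to this container's labels.
            findings.append(f"router '{name}': service '{target}' is not defined here")
    return sorted(findings)

# Constructed input: the "what I want" and the corrected label sets from the post.
BROKEN = [
    "traefik.http.routers.gitlab.rule=Host(`gitlab.example.com`)",
    "traefik.http.services.gitlab.loadbalancer.server.port=80",
    "traefik.http.routers.registry.rule=Host(`registry.gitlab.example.com`)",
    "traefik.http.services.registry.loadbalancer.server.port=5000",
]
FIXED = BROKEN + [
    "traefik.http.routers.gitlab.service=gitlab",
    "traefik.http.routers.registry.service=registry",
]

if __name__ == "__main__":
    for finding in lint(BROKEN):
        print(finding)
    print("fixed:", lint(FIXED) or "ok")
```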
Using Docker as backend and Traefik as proxy, I'm using these labels under the service in docker-compose.yml:
traefik.enable=true
traefik.frontend.rule=Host:sub.example.com
traefik.backend.port=80
traefik.docker.network=http_network
How can we allow our users to use their own domain or subdomain via a CNAME redirect, such as
sub.usera.com CNAME sub.example.com
I have already made my web app handle the host redirect, but I can't get it to work. It always results in "404 page not found", but the request never passes through our apps. The Traefik log also shows a 404 because it doesn't contain a frontend rule for sub.usera.com. Does it mean it is not possible to serve a CNAME redirection using Traefik?
Change frontend.rule into traefik.frontend.rule=Host:sub.example.com,sub.usera.com
Right now my OpenAPI 2.0 YAML file has only one host URL:
host: petstore.test.com
basePath: /
Can I use multiple hosts like this?
host1: petstore.test.com
host2: petstore1.test.com
host3: petstore2.dev.com
OpenAPI 2.0 (Swagger 2.0) only supports a single host with multiple schemes (HTTP/HTTPS/etc.), so you can effectively have two hosts that only vary in the scheme:
host: petstore.test.com
schemes:
  - http
  - https
But OpenAPI 3.x supports multiple hosts with different schemes and base paths:
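servers:
  - url: https://petstore.prd.com
    description: Production server
  # Quoted so YAML does not parse the leading "{" as a flow mapping
  - url: '{scheme}://petstore.dev.com/subpath'
    description: Development server
    # Server variables (the OpenAPI 3.0 keyword is "variables")
    variables:
      scheme:
        enum:
          - http
          - https
        default: https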
For more examples, see this answer.
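To see which concrete hosts a `servers` list like the one above resolves to, the following added example (not from the original answer) expands each URL template over its variables' `enum` values and lists the results that use plain HTTP. The sample data is the answer's `servers` section written as parsed YAML, with the server variables under the OpenAPI 3.0 `variables` key; `expand` and `cleartext_urls` are hypothetical helper names.

```python
import itertools
import re

# Constructed sample: the `servers` section from the answer, as parsed YAML.
SERVERS = [
    {"url": "https://petstore.prd.com", "description": "Production server"},
    {
        "url": "{scheme}://petstore.dev.com/subpath",
        "description": "Development server",
        "variables": {"scheme": {"enum": ["http", "https"], "default": "https"}},
    },
]

VAR_RE = re.compile(r"\{([^}]+)\}")


def expand(server):
    """Return every concrete URL one server entry can resolve to."""
    names = list(dict.fromkeys(VAR_RE.findall(server["url"])))  # unique, in order
    variables = server.get("variables", {})
    choices = []
    for name in names:
        if name not in variables:
            raise ValueError(f"variable '{name}' is used in the url but not declared")
        spec = variables[name]
        # Without an enum, the default is the only value known from the spec.
        choices.append(spec.get("enum", [spec["default"]]))
    urls = []
    for combo in itertools.product(*choices):
        values = dict(zip(names, combo))
        urls.append(VAR_RE.sub(lambda m: values[m.group(1)], server["url"]))
    return urls


def cleartext_urls(servers):
    """List the expanded URLs that would be reached over plain HTTP."""
    return [u for s in servers for u in expand(s) if u.lower().startswith("http://")]


if __name__ == "__main__":
    for server in SERVERS:
        print(server["description"], expand(server))
    print("cleartext:", cleartext_urls(SERVERS))
```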
It is now possible in OpenAPI 3.0.
Here is a description:
Multiple hosts are supported in OpenAPI 3.0. 2.0 supports only one
host per API specification (or two if you count HTTP and HTTPS as
different hosts). A possible way to target multiple hosts is to omit
the host and schema from your specification and serve it from each
host. In this case, each copy of the specification will target the
corresponding host.
I have a pretty unique predicament here. I'm using Twilio and need to test my TwiML response on my local machine. The go-to solution for that is ngrok, but the problem is that the site I'm working on relies on subdomains for proper routing. There is no mysite.com, only sub.mysite.com. In the local environment I've modified hosts to redirect sub.mysite.dev to 127.0.0.1, but I haven't a clue how to solve this over a tunnel. Any thoughts?
I'm the creator of ngrok.
You can still make this work with ngrok, you'll just need to decide on a few subdomains up front that you want to use for testing. ngrok lets you forward multiple tunnels via the configuration file (https://ngrok.com/usage#config). Example configuration file:
tunnels:
  one.mysite:
    proto:
      http: 80
  two.mysite:
    proto:
      http: 80
  three.mysite:
    proto:
      http: 80
This will forward
one.mysite.ngrok.com -> 127.0.0.1:80
two.mysite.ngrok.com -> 127.0.0.1:80
three.mysite.ngrok.com -> 127.0.0.1:80
It's not a wildcard (ngrok doesn't support wildcards at the moment), but having a few subdomains set up should be good enough for testing, I imagine.