• Chain
    • Configuration Example

    Chain

    When One Isn't Enough

    Chain

    The Chain middleware enables you to define reusable combinations of other pieces of middleware.It makes reusing the same groups easier.

    Configuration Example

    Example "A Chain for WhiteList, BasicAuth, and HTTPS"

    1. labels:
    2. - "traefik.http.routers.router1.service=service1"
    3. - "traefik.http.routers.router1.middlewares=secured"
    4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
    5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
    6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
    7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
    8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
    9. - "http.services.service1.loadbalancer.server.port=80"
    1. apiVersion: traefik.containo.us/v1alpha1
    2. kind: IngressRoute
    3. metadata:
    4.   name: test
    5.   namespace: default
    7. spec:
    8.   entryPoints:
    9.     - web
    11.   routes:
    12.     - match: Host(`mydomain`)
    13.       kind: Rule
    14.       services:
    15.         - name: whoami
    16.           port: 80
    17.       middlewares:
    18.         - name: secured
    19. ---
    20. apiVersion: traefik.containo.us/v1alpha1
    21. kind: Middleware
    22. metadata:
    23.   name: secured
    24. spec:
    25.   chain:
    26.     middlewares:
    27.     - name: https-only
    28.     - name: known-ips
    29.     - name: auth-users
    30. ---
    31. apiVersion: traefik.containo.us/v1alpha1
    32. kind: Middleware
    33. metadata:
    34.   name: auth-users
    35. spec:
    36.   basicAuth:
    37.     users:
    38.     - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
    39. ---
    40. apiVersion: traefik.containo.us/v1alpha1
    41. kind: Middleware
    42. metadata:
    43.   name: https-only
    44. spec:
    45.   redirectScheme:
    46.     scheme: https
    47. ---
    48. apiVersion: traefik.containo.us/v1alpha1
    49. kind: Middleware
    50. metadata:
    51.   name: known-ips
    52. spec:
    53.   ipWhiteList:
    54.     sourceRange:
    55.     - 192.168.1.7
    56.     - 127.0.0.1/32
    1. "labels": {
    2.   "traefik.http.routers.router1.service": "service1",
    3.   "traefik.http.routers.router1.middlewares": "secured",
    4.   "traefik.http.routers.router1.rule": "Host(`mydomain`)",
    5.   "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
    6.   "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
    7.   "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
    8.   "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
    9.   "http.services.service1.loadbalancer.server.port": "80"
    10. }
    1. labels:
    2. - "traefik.http.routers.router1.service=service1"
    3. - "traefik.http.routers.router1.middlewares=secured"
    4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
    5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
    6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
    7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
    8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
    9. - "http.services.service1.loadbalancer.server.port=80"
    1. # ...    
    2. [http.routers]
    3.   [http.routers.router1]
    4.     service = "service1"
    5.     middlewares = ["secured"]
    6.     rule = "Host(`mydomain`)"
    8. [http.middlewares]
    9.   [http.middlewares.secured.chain]
    10.     middlewares = ["https-only", "known-ips", "auth-users"]
    12.   [http.middlewares.auth-users.basicAuth]
    13.     users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
    15.   [http.middlewares.https-only.redirectScheme]
    16.     scheme = "https"
    18.   [http.middlewares.known-ips.ipWhiteList]
    19.     sourceRange = ["192.168.1.7", "127.0.0.1/32"]
    21. [http.services]
    22.   [http.services.service1]
    23.     [http.services.service1.loadBalancer]
    24.       [[http.services.service1.loadBalancer.servers]]
    25.         url = "http://127.0.0.1:80"
    1. # ...    
    2. http:
    3.   routers:
    4.     router1:
    5.       service: service1
    6.       middlewares:
    7.       - secured
    8.       rule: "Host(`mydomain`)"
    10.   middlewares:
    11.     secured:
    12.       chain:
    13.         middlewares:
    14.         - https-only
    15.         - known-ips
    16.         - auth-users
    18.     auth-users:
    19.       basicAuth:
    20.         users:
    21.         - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
    23.     https-only:
    24.       redirectScheme:
    25.         scheme: https
    27.     known-ips:
    28.       ipWhiteList:
    29.         sourceRange:
    30.         - "192.168.1.7"
    31.         - "127.0.0.1/32"
    33.   services:
    34.     service1:
    35.       loadBalancer:
    36.         servers:
    37.         - url: "http://127.0.0.1:80"