Chain

When One Isn’t Enough

Chain

The Chain middleware enables you to define reusable combinations of other pieces of middleware. It makes reusing the same groups easier.

Configuration Example

Below is an example of a Chain containing WhiteList, BasicAuth, and RedirectScheme.

Docker

  1. labels:
  2. - "traefik.http.routers.router1.service=service1"
  3. - "traefik.http.routers.router1.middlewares=secured"
  4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  9. - "traefik.http.services.service1.loadbalancer.server.port=80"

Kubernetes

  1. apiVersion: traefik.io/v1alpha1
  2. kind: IngressRoute
  3. metadata:
  4. name: test
  5. namespace: default
  6. spec:
  7. entryPoints:
  8. - web
  9. routes:
  10. - match: Host(`mydomain`)
  11. kind: Rule
  12. services:
  13. - name: whoami
  14. port: 80
  15. middlewares:
  16. - name: secured
  17. ---
  18. apiVersion: traefik.io/v1alpha1
  19. kind: Middleware
  20. metadata:
  21. name: secured
  22. spec:
  23. chain:
  24. middlewares:
  25. - name: https-only
  26. - name: known-ips
  27. - name: auth-users
  28. ---
  29. apiVersion: traefik.io/v1alpha1
  30. kind: Middleware
  31. metadata:
  32. name: auth-users
  33. spec:
  34. basicAuth:
  35. users:
  36. - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
  37. ---
  38. apiVersion: traefik.io/v1alpha1
  39. kind: Middleware
  40. metadata:
  41. name: https-only
  42. spec:
  43. redirectScheme:
  44. scheme: https
  45. ---
  46. apiVersion: traefik.io/v1alpha1
  47. kind: Middleware
  48. metadata:
  49. name: known-ips
  50. spec:
  51. ipWhiteList:
  52. sourceRange:
  53. - 192.168.1.7
  54. - 127.0.0.1/32

Consul Catalog

  1. - "traefik.http.routers.router1.service=service1"
  2. - "traefik.http.routers.router1.middlewares=secured"
  3. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  4. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  5. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  6. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  7. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  8. - "traefik.http.services.service1.loadbalancer.server.port=80"

Marathon

  1. "labels": {
  2. "traefik.http.routers.router1.service": "service1",
  3. "traefik.http.routers.router1.middlewares": "secured",
  4. "traefik.http.routers.router1.rule": "Host(`mydomain`)",
  5. "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
  6. "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  7. "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
  8. "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
  9. "traefik.http.services.service1.loadbalancer.server.port": "80"
  10. }

Rancher

  1. labels:
  2. - "traefik.http.routers.router1.service=service1"
  3. - "traefik.http.routers.router1.middlewares=secured"
  4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  9. - "traefik.http.services.service1.loadbalancer.server.port=80"

File (YAML)

  1. # ...
  2. http:
  3. routers:
  4. router1:
  5. service: service1
  6. middlewares:
  7. - secured
  8. rule: "Host(`mydomain`)"
  9. middlewares:
  10. secured:
  11. chain:
  12. middlewares:
  13. - https-only
  14. - known-ips
  15. - auth-users
  16. auth-users:
  17. basicAuth:
  18. users:
  19. - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  20. https-only:
  21. redirectScheme:
  22. scheme: https
  23. known-ips:
  24. ipWhiteList:
  25. sourceRange:
  26. - "192.168.1.7"
  27. - "127.0.0.1/32"
  28. services:
  29. service1:
  30. loadBalancer:
  31. servers:
  32. - url: "http://127.0.0.1:80"

File (TOML)

  1. # ...
  2. [http.routers]
  3. [http.routers.router1]
  4. service = "service1"
  5. middlewares = ["secured"]
  6. rule = "Host(`mydomain`)"
  7. [http.middlewares]
  8. [http.middlewares.secured.chain]
  9. middlewares = ["https-only", "known-ips", "auth-users"]
  10. [http.middlewares.auth-users.basicAuth]
  11. users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
  12. [http.middlewares.https-only.redirectScheme]
  13. scheme = "https"
  14. [http.middlewares.known-ips.ipWhiteList]
  15. sourceRange = ["192.168.1.7", "127.0.0.1/32"]
  16. [http.services]
  17. [http.services.service1]
  18. [http.services.service1.loadBalancer]
  19. [[http.services.service1.loadBalancer.servers]]
  20. url = "http://127.0.0.1:80"