Chain

When One Isn’t Enough

Chain

The Chain middleware enables you to define reusable combinations of other pieces of middleware. It makes reusing the same groups easier.

Configuration Example

Example “A Chain for WhiteList, BasicAuth, and HTTPS”

Docker

  1. labels:
  2. - "traefik.http.routers.router1.service=service1"
  3. - "traefik.http.routers.router1.middlewares=secured"
  4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  9. - "http.services.service1.loadbalancer.server.port=80"

Kubernetes

  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: IngressRoute
  3. metadata:
  4. name: test
  5. namespace: default
  6. spec:
  7. entryPoints:
  8. - web
  9. routes:
  10. - match: Host(`mydomain`)
  11. kind: Rule
  12. services:
  13. - name: whoami
  14. port: 80
  15. middlewares:
  16. - name: secured
  17. ---
  18. apiVersion: traefik.containo.us/v1alpha1
  19. kind: Middleware
  20. metadata:
  21. name: secured
  22. spec:
  23. chain:
  24. middlewares:
  25. - name: https-only
  26. - name: known-ips
  27. - name: auth-users
  28. ---
  29. apiVersion: traefik.containo.us/v1alpha1
  30. kind: Middleware
  31. metadata:
  32. name: auth-users
  33. spec:
  34. basicAuth:
  35. users:
  36. - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
  37. ---
  38. apiVersion: traefik.containo.us/v1alpha1
  39. kind: Middleware
  40. metadata:
  41. name: https-only
  42. spec:
  43. redirectScheme:
  44. scheme: https
  45. ---
  46. apiVersion: traefik.containo.us/v1alpha1
  47. kind: Middleware
  48. metadata:
  49. name: known-ips
  50. spec:
  51. ipWhiteList:
  52. sourceRange:
  53. - 192.168.1.7
  54. - 127.0.0.1/32

Consul Catalog

  1. - "traefik.http.routers.router1.service=service1"
  2. - "traefik.http.routers.router1.middlewares=secured"
  3. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  4. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  5. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  6. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  7. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  8. - "http.services.service1.loadbalancer.server.port=80"

Marathon

  1. "labels": {
  2. "traefik.http.routers.router1.service": "service1",
  3. "traefik.http.routers.router1.middlewares": "secured",
  4. "traefik.http.routers.router1.rule": "Host(`mydomain`)",
  5. "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
  6. "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  7. "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
  8. "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
  9. "http.services.service1.loadbalancer.server.port": "80"
  10. }

Rancher

  1. labels:
  2. - "traefik.http.routers.router1.service=service1"
  3. - "traefik.http.routers.router1.middlewares=secured"
  4. - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  5. - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  6. - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  7. - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  8. - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
  9. - "http.services.service1.loadbalancer.server.port=80"

File (TOML)

  1. # ...
  2. [http.routers]
  3. [http.routers.router1]
  4. service = "service1"
  5. middlewares = ["secured"]
  6. rule = "Host(`mydomain`)"
  7. [http.middlewares]
  8. [http.middlewares.secured.chain]
  9. middlewares = ["https-only", "known-ips", "auth-users"]
  10. [http.middlewares.auth-users.basicAuth]
  11. users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
  12. [http.middlewares.https-only.redirectScheme]
  13. scheme = "https"
  14. [http.middlewares.known-ips.ipWhiteList]
  15. sourceRange = ["192.168.1.7", "127.0.0.1/32"]
  16. [http.services]
  17. [http.services.service1]
  18. [http.services.service1.loadBalancer]
  19. [[http.services.service1.loadBalancer.servers]]
  20. url = "http://127.0.0.1:80"

File (YAML)

  1. # ...
  2. http:
  3. routers:
  4. router1:
  5. service: service1
  6. middlewares:
  7. - secured
  8. rule: "Host(`mydomain`)"
  9. middlewares:
  10. secured:
  11. chain:
  12. middlewares:
  13. - https-only
  14. - known-ips
  15. - auth-users
  16. auth-users:
  17. basicAuth:
  18. users:
  19. - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  20. https-only:
  21. redirectScheme:
  22. scheme: https
  23. known-ips:
  24. ipWhiteList:
  25. sourceRange:
  26. - "192.168.1.7"
  27. - "127.0.0.1/32"
  28. services:
  29. service1:
  30. loadBalancer:
  31. servers:
  32. - url: "http://127.0.0.1:80"