TCP Middlewares

Controlling connections

Overview

Configuration Example

Docker & Swarm

  1. # As a Docker Label
  2. whoami:
  3.   #  A container that exposes an API to show its IP address
  4.   image: traefik/whoami
  5.   labels:
  6.     # Create a middleware named `foo-ip-allowlist`
  7.     - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
  8.     # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
  9.     - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"

IngressRoute

  1. # As a Kubernetes Traefik IngressRoute
  2. ---
  3. apiVersion: traefik.io/v1alpha1
  4. kind: MiddlewareTCP
  5. metadata:
  6.   name: foo-ip-allowlist
  7. spec:
  8.   ipAllowList:
  9.     sourcerange:
  10.       - 127.0.0.1/32
  11.       - 192.168.1.7
  13. ---
  14. apiVersion: traefik.io/v1alpha1
  15. kind: IngressRouteTCP
  16. metadata:
  17.   name: ingressroute
  18. spec:
  19. # more fields...
  20.   routes:
  21.     # more fields...
  22.     middlewares:
  23.       - name: foo-ip-allowlist

Consul Catalog

  1. # Create a middleware named `foo-ip-allowlist`
  2. - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
  3. # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
  4. - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"

File (TOML)

  1. # As TOML Configuration File
  2. [tcp.routers]
  3.   [tcp.routers.router1]
  4.     service = "myService"
  5.     middlewares = ["foo-ip-allowlist"]
  6.     rule = "Host(`example.com`)"
  8. [tcp.middlewares]
  9.   [tcp.middlewares.foo-ip-allowlist.ipAllowList]
  10.     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
  12. [tcp.services]
  13.   [tcp.services.service1]
  14.     [tcp.services.service1.loadBalancer]
  15.     [[tcp.services.service1.loadBalancer.servers]]
  16.       address = "10.0.0.10:4000"
  17.     [[tcp.services.service1.loadBalancer.servers]]
  18.       address = "10.0.0.11:4000"

File (YAML)

  1. # As YAML Configuration File
  2. tcp:
  3.   routers:
  4.     router1:
  5.       service: myService
  6.       middlewares:
  7.         - "foo-ip-allowlist"
  8.       rule: "Host(`example.com`)"
  10.   middlewares:
  11.     foo-ip-allowlist:
  12.       ipAllowList:
  13.         sourceRange:
  14.           - "127.0.0.1/32"
  15.           - "192.168.1.7"
  17.   services:
  18.     service1:
  19.       loadBalancer:
  20.         servers:
  21.         - address: "10.0.0.10:4000"
  22.         - address: "10.0.0.11:4000"

Available TCP Middlewares

MiddlewarePurposeArea
InFlightConnLimits the number of simultaneous connections.Security, Request lifecycle
IPAllowListLimit the allowed client IPs.Security, Request lifecycle