I'm trying to serve my website via lambda function rather than having static files in S3, so I'm using serverless and aws-serverless-express. I have a single lambda function which is responsible for returning content for the whole Angular app and I have
custom:
customDomain:
domainName: www.mydomain.com
createRoute53Record: true
The problem is that in this case https://www. mydomain.com works, but https:// mydomain.com doesn't.
Question: how to configure something like this in a single serverless.yml
custom:
customDomain:
...
domainName: www.mydomain.com
createRoute53Record: true
...
domainName: mydomain.com
createRoute53Record: true
if it is not possible, how to overcome this problem in some other way ?
Related
I would like to get all requests from subdomain subdomainA.domain.io to subdomainB.domain.io with URL replace. I specifically do not want to have a redirect as I want to keep the original URL. Is that possible with replace?
I have tried replacePathRegex, but even the most straight up case doesn't seem to work (I have a second reverse proxy, used for identity, that doesn't recognize the new URL).
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-replaceregex
spec:
replacePathRegex:
regex: https://subdomainA.domain.io/graphql
replacement: https://subdomainB.domain.io/graphql
Is this possible in traefik (k8s) and if yes what needs to be done?
I'm trying to setup a route do a basic 301 redirect with the added benefit of supporting both HTTP and HTTPS requests. Expected results would be that requests to http://subdom.domain.org or https://subdom.domain.org would receive a 301 and be forwarded to https://othersub.domain.org/route. Actual results is that https://subdom.domain.org 301's as expected, but http://subdom.domain.org 404's. With the config, you can see I've tried doing both an elevate to HTTPS with the hopes that the rule might be caught there, but with the way the middleware is configured, I would expect it would work in either scenario.
Here's my current config:
http:
routers:
subdom.domain.org:
entryPoints:
- web
- web-secure
middlewares:
- https-redirect # I've tried with this on and off
- sudbdom-redirect
service: dummy
rule: Host(`subdom.domain.org`)
tls:
certResolver: letsEncryptResolver
middlewares:
https-redirect:
redirectScheme:
scheme: https
subdom-redirect:
redirectRegex:
regex: ".*"
replacement: "https://othersub.domain.org/route"
permanent: true
services:
dummy:
loadBalancer:
servers:
- url: localhost
I was originally having trouble matching specific regex patterns for the redirect, but in realizing I didn't really need to scope the pattern at all given that I'm applying it per route, a wildcard match seems to work quite well there. Any thoughts or suggestions are appreciated. Thanks!
You should try to make 2 different router one for web entry point where you can perform redirection and 2rd one for redirectRegex where you can redirect your application to different url.
Following TLS section from official documentation:
When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non TLS) requests).
Solutions:
1. Define separate routers (for http and https), but it noisy for multiple services.
If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers: one with the tls section, one without.
Example from documentation
2. Disable TLS for router
traefik.http.routers.YOUR-SERVICE.tls=false
Example:
services:
mailhog:
image: mailhog/mailhog
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role != manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.mailhog.rule=Host(`mailhog.somehost.ru`)"
- "traefik.http.routers.mailhog.service=mailhog"
- "traefik.http.routers.mailhog.entrypoints=web,websecure"
# Should be false
- "traefik.http.routers.mailhog.tls=false"
- "traefik.http.middlewares.redirectos.redirectscheme.scheme=https"
- "traefik.http.routers.mailhog.middlewares=redirectos"
- "traefik.http.services.mailhog.loadbalancer.server.port=8025"
- "traefik.tags=traefik-public"
- "traefik.docker.network=traefik-public"
I am trying to use the path based routing mechanism provided by Traefik ingress controller in Kubernetes but I have some issues with the url rewriting.
My [UPDATED] configuration is as follow
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/auth-type: "basic"
traefik.ingress.kubernetes.io/auth-tls-insecure: "true"
traefik.ingress.kubernetes.io/frontend-entry-points: "http,https"
traefik.ingress.kubernetes.io/app-root: "/"
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
traefik.ingress.kubernetes.io/rewrite-target: "/"
name: webapp-ingress
namespace: my-company
spec:
rules:
- host: local-ubuntu
- http:
paths:
- path: /
backend:
serviceName: webapp
servicePort: 80
- path: /db
backend:
serviceName: db-manager
servicePort: 8081
The traffic is routed to the right services but the url is still prefixed with /db when I look at the log for the db-manager (kubernetes) service.
What I would have expected with the PathPrefixStrip is that the traffic will be routed without the /db prefix to the container running the db-manager micro-service which is listening on / (http://db-manager:8081) on the backend side.
Am I missing something ? Is it supported by traefik or only nginx ?
Thank you by advance for your feedback.
[EDIT]
To be more specific I observe the following with the current annotations discussed below
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
traefik.ingress.kubernetes.io/rewrite-target: "/"
URL: http://local-ubuntu/db [OK] -> 200
Then other resources are loading but are pointing on the wrong base url
Example:
Resource URL is : http://local-ubuntu/public/css/bootstrap.min.css
But this should be : http://local-ubuntu/db/public/css/bootstrap.min.css
(which works when I've tried manually)
I am not sure what I am missing here in the current configuration.
Regarding the static contents not being served, the documentation states the following:
Use a *Strip matcher if your backend listens on the root path (/) but should be routeable on a specific prefix. For instance, PathPrefixStrip: /products would match /products but also /products/shoes and /products/shirts.
Since the path is stripped prior to forwarding, your backend is expected to listen on /.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return /products/shoes/image.png (and not /images.png which Traefik would likely not be able to associate with the same backend).
The X-Forwarded-Prefix header (available since Traefik 1.3) can be queried to build such URLs dynamically.
Thank you very much for your help in this matter.
First of all I had to fix an issue regarding the formatting of the annotations in the yaml file.
All the instructions with traefik as a prefix need to be double quoted
Example :
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip [Not
correct]
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
[correct]
In the first case none of the annotations were reflected in the ingress.
But I still cannot route properly the traffic.
With the current configuration only the resource served on / is returned.
None of the js, css or other resources are loaded.
So I wonder if I need to use the traefik.frontend.redirect.regex instruction.
Try with one of the following:
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
traefik.ingress.kubernetes.io/rewrite-target: "/
They both achieve similar results, but they are different, and they have slightly different behavior.
I would read more on our documentation for the differences: (https://docs.traefik.io/v1.7/configuration/backends/kubernetes/#general-annotations)
As for your second issue:
Resource URL is : local-ubuntu/public/css/bootstrap.min.css
But this should be : local-ubuntu/db/public/css/bootstrap.min.css (which works when I've tried
You stripped that path from the request...your DB service never sees the DB prefix...How is it supposed to know to add them back in?
You need to set a root URL in your web application to handle the stripped path.
Once you do that, you may not even need to strip the path at all, and just leave it as is. If you cannot set a base URL for your application, you may not be able to use directories for routing, and may have to use subdomains instead.
use only traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
Bellow what I used to send only subpath to my k8s pods
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: global-ingress
namespace: app
annotations:
kubernetes.io/ingress.class: "traefik"
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
I need to do rewrite a URL of my application like this: https://router.vuejs.org/guide/essentials/history-mode.html#example-server-configurations
I'm using Traefik as a reverse proxy and Docker Compose.
Here is my raw configuration in Docker:
application:
build: ./domain.app
volumes:
- ./domain.app/dist:/app
networks:
- net
labels:
- "traefik.frontend.rule=Host:domain.me"
- "traefik.port=8081"
- "traefik.backend=domain.me"
- "traefik.frontend.entryPoints=http,https"
With that configuration:
https://domain.me is working
https://domain.me/anything returns 404
How can I fix this rewrite rule?
For vue.js router history mode you want to catch all Routes that do not point to a resource on the server and forward them to your index.html. For Example:
https://example.com --> /index.html
https://example.com/route/to/subsite --> /index.html
But you still want to be able to access resources that are on the server. E.g.:
https://example.com/path/to/kitten.jpg --> /path/to/kitten.jpg not /index.html
In order to do that you have to find a Backend Server supporting Catch-All Fallback. You can use the ones noted in the vue.js Guide (Apache, Nginx, Node, IIS)
Why can't I use traefik for this?
As stated above you still want to be able to serve static resources. But traefik is just a router. It does only has access to the information of the request, not to the information of the server. But in order to decide if to serve the index.html or the static resource you must have access to the resources.
You could route all the traffic to the index.html using Traefik's PathPrefixStripRegex:but this would result in serving index.html for every request, even if you would have wanted kitten.jpg.
i have a problem redirecting multiple paths with traefik to multiple Destinations.
Because of software legacy reasons i have to redirect some paths behind my application to external urls.
My app is running in rancher and i'm using rancher labels to configure traefik with it:
traefik.enable: 'true'
traefik.app.backend: app
traefik.app.frontend.redirect.entryPoint: https
traefik.app.frontend.rule: 'Host: app.url'
traefik.app.protocol: http
traefik.app.port: '8080'
traefik.support.backend: support
traefik.support.protocol: https
traefik.support.frontend.redirect.regex: ^https?://app.url/support/(.*)
traefik.support.frontend.redirect.replacement: https://other.support.url
traefik.support.port: '8080'
However https://app.url/support does not redirect to https://other.support.url and i got an 404 Error.
If i had only on URL to redirct i'd add an redirect at entrypoint level of https entrypoint.
But like i suggest entrypoint doesn't support multiple redirects.
[entryPoints.https]
address = ":443"
[entryPoints.https.redirect]
regex = "^https://app.url/support"
replacement = "https://other.support.url"
How can i achieve this using latest traefik 1.6.4 and Rancher 1.6.x.
Or is it even possible ?
I don't wan't to use another proxy like nginx only for redirection that adds a lot of complications and i find the configuration with labels very comfortabel and transparent.
Any ideas anyone?
You can move the rules into frontends. Since frontends seem to need a backend defined, just define it even though it will never be called.
[backends]
[backends.fake]
[backends.fake.servers.s1]
url="http://1.2.3.4"
[frontends]
[frontends.r1]
backend = "fake"
[frontends.r1.redirect]
regex = "^http://foo.bar/(.*)"
replacement = "http://mydomain1/$1"
permanent = false
[frontends.r2]
backend = "fake"
[frontends.r2.redirect]
regex = "^http://bar.blech/(.*)"
replacement = "http://mydomain2/$1"
permanent = false