Redirect Multiple Paths to external URLs - traefik

i have a problem redirecting multiple paths with traefik to multiple Destinations.
Because of software legacy reasons i have to redirect some paths behind my application to external urls.
My app is running in rancher and i'm using rancher labels to configure traefik with it:
traefik.enable: 'true'
traefik.app.backend: app
traefik.app.frontend.redirect.entryPoint: https
traefik.app.frontend.rule: 'Host: app.url'
traefik.app.protocol: http
traefik.app.port: '8080'
traefik.support.backend: support
traefik.support.protocol: https
traefik.support.frontend.redirect.regex: ^https?://app.url/support/(.*)
traefik.support.frontend.redirect.replacement: https://other.support.url
traefik.support.port: '8080'
However https://app.url/support does not redirect to https://other.support.url and i got an 404 Error.
If i had only on URL to redirct i'd add an redirect at entrypoint level of https entrypoint.
But like i suggest entrypoint doesn't support multiple redirects.
[entryPoints.https]
address = ":443"
[entryPoints.https.redirect]
regex = "^https://app.url/support"
replacement = "https://other.support.url"
How can i achieve this using latest traefik 1.6.4 and Rancher 1.6.x.
Or is it even possible ?
I don't wan't to use another proxy like nginx only for redirection that adds a lot of complications and i find the configuration with labels very comfortabel and transparent.
Any ideas anyone?

You can move the rules into frontends. Since frontends seem to need a backend defined, just define it even though it will never be called.
[backends]
[backends.fake]
[backends.fake.servers.s1]
url="http://1.2.3.4"
[frontends]
[frontends.r1]
backend = "fake"
[frontends.r1.redirect]
regex = "^http://foo.bar/(.*)"
replacement = "http://mydomain1/$1"
permanent = false
[frontends.r2]
backend = "fake"
[frontends.r2.redirect]
regex = "^http://bar.blech/(.*)"
replacement = "http://mydomain2/$1"
permanent = false

Related

how to use X-Forwarded-Prefix in file backend

I'm try to configure traefik with file backend to contact a grafana server in a LXC container.
This is my configuration file:
[file]
# rules
[backends]
[backends.backend2.servers.server1]
url = "http://192.168.255.250:3000"
[frontends]
[frontends.frontend2]
entryPoints = ["http"]
backend = "backend2"
passHostHeader = true
[frontends.frontend2.routes]
[frontends.frontend2.routes.route0]
rule = "PathPrefixStrip: /grafana"
Grafana backend listen on /
So, I can contact http://example.com/grafana but I have a redirection to http://example.com/login which does not work. But http://example.com/grafana/login responding (without css, certainly because grafana seems to use relative url).
According to the documentation :
Use a *Strip matcher if your backend listens on the root path (/) but should be routeable on a specific prefix. For instance, PathPrefixStrip: /products would match /products but also /products/shoes and /products/shirts.
Since the path is stripped prior to forwarding, your backend is expected to listen on /.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return /products/shoes/image.png (and not /images.png which Traefik would likely not be able to associate with the same backend).
The X-Forwarded-Prefix header (available since Traefik 1.3) can be queried to build such URLs dynamically.
It seems that I have to use the X-Forwarded-Prefix header but I do not know how to use it (I did not see anything in the documentation). Maybe you can help me solve this problem ?
Regards
jmc
In fact, the problem does not come from traefik. I just forgot to specify the path in /etc/grafana.ini (root_url field). I thought it was not necessary since the incoming query does not contain the path /grafana (because we use PathPrefixStrip). But in fact, grafana needs it to indicate effective url to client.
Regards.
jmc

Magento 2: Too many redirects behind traefik reverse-proxy

In front of my web servers and Docker applications I'm running Traefik to handle load balancing and reverse-proxy. In this specific case Magento 2 is running on another host in the same private network as the Traefik host.
Traefik: 192.168.1.30
Magento: 192.168.1.224
Traffic is coming into the firewall on port 80/443 and forwarded to Traefik which forwards the request based on the domain name (in this case exampleshop.com).
My Traefik configuration looks like this:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[backends]
[backends.backend-exampleshop]
[backends.backend-exampleshop.servers.server1]
url = "http://192.168.1.224:80
passHostHeader = true
[frontends]
[frontends.exampleshop]
backend = "backend-exampleshop"
[frontends.exampleshop.routes.hostname]
rule = "Host:exampleshop.com"
For regular websites above configuration always worked as expected (a working HTTPS connection with valid Let's Encrypt cert) but in this Magento 2 case it results in:
ERR_TOO_MANY_REDIRECTS
Therefore I'm unable to reach both my homepage as well as my admin page. Looking at the Database records I've configured both my unsecure as secure URL as https://exampleshop.com to avoid redirect errors.
Apache is listening fine on port 80, and when contacted directly (by changing my hosts file) the page gets displayed just fine over HTTP.
What am I missing here?
Command out below code solved this case OR
Enable ACME on your Traefik and switch SSL mode on Cloudflare to Full (if enabled)
[entryPoints.http.redirect]
entryPoint = "https"
I suppose that 192.168.1.224 is the IP (local) where Traefik is installed.
entryPoints.http : address = ":80" == address = "0.0.0.0:80"
https//exampleshop.com
entryPoints.https (because https == port 443)
frontends.example1 (because rule = "Host:exampleshop.com")
backend-example1: server = "http://192.168.1.224:80"
entryPoints.http because :80 == http://192.168.1.224:80
redirection to entryPoints.https
etc
Try to change the port of your local application.
Actually, the config was completely valid but Cloudflare's crypto/SSL settings were set to Flexible instead of Full; causing a loop.
I run into this as well, but I've found I have to add this:
ingress.kubernetes.io/ssl-proxy-headers: "X-Forwarded-Proto: https"
In our kubernetes ingress manifests and it fixes it.

traefik custom rule PathStrip does not match

TRying out custome rule in traefik ..
it should
Remove /code from the url and send remaining to backend based on the other matcher
Example url : /code/rr ;
only /rr should be sent to backend .. Looks like only /code is sent to backend.
Below is my rule , but not working ..
[frontends.f_rr]
entrypoints = ["http","https"]
priority = 10
passHostHeader = true
backend = "b_co"
[frontends.f_co.routes.test_1]
rule = "PathStrip: /code/; Path:/rr"
You should use the PathPrefixStrip: /code rule (and only this rule). It catches all requests for the /code path prefix but strips it prior to forwarding to the backend.
See also the documentation at https://docs.traefik.io/basics/#frontends, in particular the subsection titled Path Matcher Usage Guidelines.
Faced same issue with stripprefix middleware. The way to go about it, is after you define the router and the middleware, you actually need to assign the middleware to the router for it to be usable. Otherwise it will be defined and created but not used (You can use traefik dashboard to see if the middleware is being used by any router)
Using docker provider:
traefik.enable: true
traefik.port: 9101
# define router
traefik.http.routers.my-router.rule: PathPrefix(`/my-router`)
# only if accepts htpps
traefik.http.routers.my-router.tls: true
# strippath middleware
traefik.http.middlewares.my-router-strip.stripprefix.prefixes: '/my-router'
# assign to router, do n ot forget this bit
traefik.http.routers.my-router.middlewares: my-router-strip#docker
traefik.http.middlewares.my-router.stripprefix.forceslash: false
traefik.http.routers.my-router.entrypoints: https, http

Can Traefik redirect example.com/test to 192.168.1.1:8888 with no path?

Is it possible to have a domain/path redirect to internal server with no path? Ie hxxp://example.com/test redirects to an internal server 192.168.1.1:8888
I have my traefik up and running using supdomains but as soon as I try to use paths I run into issues. I've tried pathprefixstrip to no avail.
This is running in a docker on my qnap server.
[frontends.test1]
backend = "test1"
entrypoints = ["https"]
[frontends.tes1t.routes.test1]
rule = "Host:example.com;PathPrefixStrip /test"
[backends.test1]
[backends.test1.servers.test1]
url = "hxxps://192.168.1.1:8888"
Try using PathPrefixStrip:/test instead of PathPrefixStrip /test (in the same idea you used Host:example.com and not Host example.com.

Use https instead of http in urls in templates for static files

Currently we are using the default wirecloud template. But sinde we enabled SSL and redirect every request to the ssl port I would love to change the urls of static ressources to start with https to avoid mixed content warnings.
Is there a simple way to change the urls to always start wit hhttps instead of http?
That's done automatically, except if WireCloud is behind a proxy (so requests comes using HTTP instead of HTTPS). In those cases you can force WireCloud to use https links by adding this line into the settings.py file:
FORCE_PROTO = "https"
See this link for more info.