Using Traefik v2.
From the internet, I'm requesting curl -i https://aaa.mysite.com/1/bbb/ccc. I have a local Whoami server running at whoami.corp. I want the request to go to http://whoami.corp/users/1/bbb/ccc, so I need to rewrite the path. With Nginx, it's trivial, but Traefik gives me grief.
Tried this config, but it returns 301, which is pointless since the modified URL is inaccessible from outside.
http:
  routers:
    rss:
      entryPoints:
        - "https"
      rule: "(Host (`aaa.mysite.com`))"
      middlewares:
        - "mw_rss_replace_path"
      service: rss
  middlewares:
    mw_rss_replace_path:
      replacePathRegex:
        regex: "(.*)"
        replacement: "/users/${1}"
  services:
    rss:
      loadBalancer:
        servers:
          - url: "http://whoami.corp"
        passHostHeader: true
What is the appropriate method?
Wrong template variable format? (Doc)
# Replace path with regex
http:
  middlewares:
    test-replacepathregex:
      replacePathRegex:
        regex: "^/foo/(.*)"
        replacement: "/bar/$1"
Tried that as well, no change—both ${1} and $1 work the same way. The location header in the 301 response shows the correct string:
HTTP/2 301
content-type: text/html; charset=utf-8
date: Sun, 01 Oct 2023 17:43:15 GMT
location: /users/1/aaa/bbb
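Added example, not part of the thread or of Traefik's code: it runs the posted rule through Go's regexp package and hands the result to a stand-in backend, showing that `(.*)` captures the leading slash, so both `${1}` and `$1` produce `/users//1/bbb/ccc`, which a Go `http.ServeMux` answers with a 301 to the cleaned path. It assumes Traefik applies the replacement with `regexp.ReplaceAllString` semantics and that the backend is built on `http.ServeMux`; `rewrite` and `backend` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// rewrite applies a replacePathRegex-style rule with Go's regexp package
// (assumption: Traefik's replacement follows regexp.ReplaceAllString).
func rewrite(pattern, replacement, path string) string {
	return regexp.MustCompile(pattern).ReplaceAllString(path, replacement)
}

// backend sends the rewritten path to a stand-in backend built on Go's
// http.ServeMux (assumption: whoami.corp behaves like such a server) and
// returns the status code and Location header it answers with.
func backend(path string) (int, string) {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "GET %s\n", r.URL.Path)
	})
	rec := httptest.NewRecorder()
	mux.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	const requested = "/1/bbb/ccc" // path from the curl request in the thread
	rules := []struct{ regex, replacement string }{
		{"(.*)", "/users/${1}"}, // rule from the thread
		{"(.*)", "/users/$1"},   // same rule, other variable syntax
		{"^/(.*)", "/users/$1"}, // leading slash kept out of the capture group
	}
	for _, r := range rules {
		p := rewrite(r.regex, r.replacement, requested)
		code, loc := backend(p)
		fmt.Printf("%-8s %-12s -> %-18s status=%d location=%q\n",
			r.regex, r.replacement, p, code, loc)
	}
}
```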
Share your full Traefik static and dynamic config, and docker-compose.yml if used.
static:
traefik:
  image: traefik
  container_name: traefik
  restart: always
  command:
    - --global.checkNewVersion=true
    - --global.sendAnonymousUsage=false
    # Dashboard
    - --entryPoints.traefik.address=:8080
    # Spice
    - --entryPoints.spice.address=:3128
    # web/http
    - --entryPoints.http.address=:80/tcp
    - --entrypoints.http.http.redirections.entryPoint.to=https
    # secure/https
    - --entryPoints.https.address=:443
    - --entryPoints.https.http.tls=true
    - --entryPoints.https.http.tls.certResolver=route53
    #
    - --api=true
    - --api.insecure=true
    - --api.dashboard=true
    #
    - --accessLog=true
    - --accessLog.filePath=/logs/tr-access.log
    - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
    - --accesslog.fields.names.StartUTC=drop
    #
    - --log.filePath=/logs/tr-error.log
    - --log.level=Info
    #
    - --providers.docker
    - --providers.docker.exposedbydefault=false
    - --providers.file.directory=/config/providers
    #
    - --certificatesresolvers.route53.acme.email=*********@gmail.com
    - --certificatesresolvers.route53.acme.storage=/config/*********.****.json
    # Production:
    - --certificatesresolvers.route53.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
    # Staging:
    # - --certificatesresolvers.route53.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    - --certificatesresolvers.route53.acme.keytype=RSA4096
    - --certificatesresolvers.route53.acme.dnschallenge=true
    - --certificatesresolvers.route53.acme.dnschallenge.provider=route53
    - --certificatesresolvers.route53.acme.dnschallenge.delayBeforeCheck=0
    - --certificatesresolvers.route53.acme.dnschallenge.resolvers=1.0.0.1:53,8.8.8.8:53,9.9.9.9:53
    #
    - --serversTransport.insecureSkipVerify=true
    # ldapAuth Options=================================================================
    - --experimental.plugins.ldapAuth.modulename=github.com/wiltonsr/ldapAuth
    - --experimental.plugins.ldapAuth.version=v0.1.4
    # =================================================================================
  environment:
    - TZ=Europe/Madrid
    - AWS_ACCESS_KEY_ID=${AWS_Access_Key_ID}
    - AWS_SECRET_ACCESS_KEY=${AWS_Secret_Access_Key}
    - AWS_HOSTED_ZONE_ID=${AWS_Hosted_Zone_ID}
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ./traefik:/config
    - /ssd/tmp:/logs
  networks:
    default:
      ipv4_address: 10.70.70.200
  dns: "192.168.11.1"
No dynamic config, just some providers as described above.
Your config file with http is actually dynamic config - vs the static config like entrypoints.
I would recommend to use a dedicated Docker network, we recently had long troubleshooting when using default. (Post)
You shared your docker-compose.yml. Where are the Traefik ports exposed?
Traefik is running under docker, which runs as a service under OpenWRT on an ARM64 router. Port 443 from WAN is redirected to the address of this Traefik instance (10.70.70.200).
In docker, it's a MACVLAN network, so all ports of each container are exposed. The fact that the network is labeled default is irrelevant in this case.
networks:
  default:
    driver: macvlan
    driver_opts:
      parent: eth2.70
    ipam:
      config:
        - subnet: 10.70.70.0/24
          gateway: 10.70.70.1
Traefik has been working great for over a year already. I have multiple providers, and everything is working as expected except for this. Some services are on the same machine (some inside docker, some outside), while other services are on other machines inside my LAN.