Configure middleware for all services

I'm trying to setup Traefik in such a way, that I don't have to add anything to the services in my docker-compose other than "traefik.enable=true" label

I came up with the following setup:

log:
  level: INFO

api:
  insecure: false
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      tls: {}

http:
  middlewares:
    services-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "10.0.1.0/24"
    services-compress:
      compress: {}

  routers:
    websecure-ipwhitelist-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints:
        - websecure
      middlewares:
        - services-ipwhitelist
    websecure-compress-catchall:
      rule: hostregexp(`{host:.+}`)
      entrypoints:
        - websecure
      middlewares:
        - services-compress

providers:
  file:
    filename: /etc/traefik/tls.yaml
  docker:
    endpoint: unix:///var/run/docker.sock
    watch: true
    exposedByDefault: false
    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.mydomain.com`)"

Unfortunately, the neither of the middlewares is applied. I tried having just one catch-all router, with both of the middlewares - same issue.

I'm still able to reach the services from e.g. 10.0.0.0/24 network.

I also tried (instead catch-all routers) adding middlewares under the entryPoints.websecure.http, but then I'm getting the level=error msg="middleware \"services-ipwhitelist@docker\" does not exist" entryPointName=websecure routerName=websecure-traefik@docker. Similarly if I list them as service-ipwhitelist@file.

What am I missing?

You can globally assign middlewares on entrypoints in static config, but you need to define them in a dynamic configuration which you load via provider.file.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.