Whitelist / acceslist in routers

Traefik Traefik v2
,
1

Hello,

I'm new with traefik, so i'm sorry if my question is a bit odd. I've tried to search the web for a solution but could not find anything. So i was hoping somebody could help me here.

So why i'm moving to Traefik? I first used Nginx Proxy Manager, but do a recent youtube video about security i've decided to move to Traefik. On my Nginx Proxy Manager I had acceslists, so I could enter my application only from home and work.

I'll but a fake config example here:"

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake.fakedomein.com`)"
      middlewares:
        - default-headers
      tls:
        certResolver: http
      service: fake-service

  services:
    fake-service:
      loadBalancer:
        servers:
          - url: "http://10.0.0.105:80"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/23"
        - "84.100.245.80/32"
        ipStrategy:
          depth: 0

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

So what i want is the following: I want a acceslist / whitelist in there routers / services so my application is not open for the whole world. Is it possible? I've found some things about ClientIP but could not get it to work.

Thanx in advanced!

2

You can use IPWhiteList middleware.

First define it:

# Accepts request from defined IP
http:
  middlewares:
    test-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "192.168.1.7"

Then assign it:

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake.fakedomein.com`)"
      middlewares:
        - default-headers
        - test-ipwhitelist
3

Thank you for you're quick reply, Traefik gives me a error now..

My config file looks like this:

http:
  routers:
    fake-service:
      entryPoints:
        - "https"
      rule: "Host(`fake-service.fakedomain.com`)"
      middlewares:
        - default-headers
	- default-whitelist
      tls:
        certResolver: http
      service: fake-service

  services:
    fake-service:
      loadBalancer:
        servers:
          - url: "http://10.0.0.105:80"
        passHostHeader: true

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
    
    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/23"
        - "84.100.245.80/32"
        ipStrategy:
          depth: 0

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

The Traefik error i'm getting is:
time="2023-07-12T08:39:15+02:00" level=info msg="Configuration loaded from file: /traefik.yml"

time="2023-07-12T08:39:15+02:00" level=error msg="Error while building configuration (for the first time): yaml: line 16: found a tab character that violates indentation" providerName=file

time="2023-07-12T08:39:16+02:00" level=error msg="middleware "https-redirect@file" does not exist" routerName=code@docker entryPointName=http

time="2023-07-12T08:39:16+02:00" level=error msg="middleware "secured@file" does not exist" entryPointName=https routerName=code-secure@docker

4

Oooh wauw, i've found it.... I used tabs... And I need to used space (in the config....)