Headers

Adding Headers to the Request / Response

The Headers middleware can manage the headers of requests and responses.

Configuration Examples

Adding Headers to the Request and the Response

Add the X-Script-Name header to the proxied request and the X-Custom-Response-Header header to the response.

Docker

labels:
  - "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"

Kubernetes

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testHeader
spec:
  headers:
    customRequestHeaders:
      X-Script-Name: "test"
    customResponseHeaders:
      X-Custom-Response-Header: "value"

Marathon

"labels": {
  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
  "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "value"
}

Rancher

labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"

File (TOML)

[http.middlewares]
  [http.middlewares.testHeader.headers]
    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Script-Name = "test"
    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Custom-Response-Header = "value"

File (YAML)

http:
  middlewares:
    testHeader:
      headers:
        customRequestHeaders:
          X-Script-Name: "test"
        customResponseHeaders:
          X-Custom-Response-Header: "value"

Adding and Removing Headers

Add the X-Script-Name header to the proxied request, remove the X-Custom-Request-Header header from the request, and remove the X-Custom-Response-Header header from the response.

Please note that it is not possible, for now, to remove a header through the use of labels (Docker, Rancher, Marathon, etc.).

Docker

labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"

Kubernetes

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testHeader
spec:
  headers:
    customRequestHeaders:
      X-Script-Name: "test" # Adds
      X-Custom-Request-Header: "" # Removes
    customResponseHeaders:
      X-Custom-Response-Header: "" # Removes

Marathon

"labels": {
  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test"
}

Rancher

labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"

File (TOML)

[http.middlewares]
  [http.middlewares.testHeader.headers]
    [http.middlewares.testHeader.headers.customRequestHeaders]
        X-Script-Name = "test" # Adds
        X-Custom-Request-Header = "" # Removes
    [http.middlewares.testHeader.headers.customResponseHeaders]
        X-Custom-Response-Header = "" # Removes

File (YAML)

http:
  middlewares:
    testHeader:
      headers:
        customRequestHeaders:
          X-Script-Name: "test" # Adds
          X-Custom-Request-Header: "" # Removes
        customResponseHeaders:
          X-Custom-Response-Header: "" # Removes
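The add / replace / remove rules described above (a custom header with an empty value removes the header, a custom header whose name already exists replaces it) are easy to get wrong when reasoning about what the backend actually receives. The following is an added example, not Traefik's own code: a small model of those semantics, driven by the same option values as the "Adding and Removing Headers" configuration, with constructed sample headers.

```python
# Added example (not Traefik's own code): a model of the
# customRequestHeaders / customResponseHeaders semantics described above.
from typing import Dict


def apply_custom_headers(headers: Dict[str, str], custom: Dict[str, str]) -> Dict[str, str]:
    """Return the header map that results from applying one custom-headers option.

    Rules, as documented for the middleware:
      * a custom header whose name already exists replaces the existing header;
      * a custom header with an empty value removes the header;
      * any other custom header is added.
    Names are compared case-insensitively, as HTTP header names are.
    """
    overridden = {name.lower() for name in custom}
    result = {name: value for name, value in headers.items() if name.lower() not in overridden}
    for name, value in custom.items():
        if value != "":  # an empty value means "remove", so nothing is re-added
            result[name] = value
    return result


# Option values taken from the "Adding and Removing Headers" example on this page.
CUSTOM_REQUEST_HEADERS = {
    "X-Script-Name": "test",          # Adds
    "X-Custom-Request-Header": "",    # Removes
}
CUSTOM_RESPONSE_HEADERS = {
    "X-Custom-Response-Header": "",   # Removes
}


def proxied_request_headers(incoming: Dict[str, str]) -> Dict[str, str]:
    """Headers the backend sees after the middleware has processed the client request."""
    return apply_custom_headers(incoming, CUSTOM_REQUEST_HEADERS)


def returned_response_headers(upstream: Dict[str, str]) -> Dict[str, str]:
    """Headers the client sees after the middleware has processed the backend response."""
    return apply_custom_headers(upstream, CUSTOM_RESPONSE_HEADERS)


if __name__ == "__main__":
    # Constructed sample headers: a client that pre-sets a header the backend
    # may trust (it gets replaced), and a backend that leaks an internal header
    # (it gets removed).
    client = {"Host": "app.example.test", "x-script-name": "client-supplied", "X-Custom-Request-Header": "1"}
    backend = {"Content-Type": "text/html", "X-Custom-Response-Header": "internal-build-42"}
    print(proxied_request_headers(client))     # {'Host': 'app.example.test', 'X-Script-Name': 'test'}
    print(returned_response_headers(backend))  # {'Content-Type': 'text/html'}
```

The case-insensitive match matters in practice: a client sending x-script-name in lower case must still be overridden, otherwise the backend could receive two conflicting values.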

Using Security Headers

Security-related headers (HSTS headers, SSL redirection, browser XSS filter, etc.) can be added and configured in a manner similar to the custom headers above. This functionality allows some simple security features to be set quickly.

Docker

labels:
  - "traefik.http.middlewares.testHeader.headers.framedeny=true"
  - "traefik.http.middlewares.testHeader.headers.sslredirect=true"

Kubernetes

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testHeader
spec:
  headers:
    frameDeny: true
    sslRedirect: true

Marathon

"labels": {
  "traefik.http.middlewares.testheader.headers.framedeny": "true",
  "traefik.http.middlewares.testheader.headers.sslredirect": "true"
}

Rancher

labels:
  - "traefik.http.middlewares.testheader.headers.framedeny=true"
  - "traefik.http.middlewares.testheader.headers.sslredirect=true"

File (TOML)

[http.middlewares]
  [http.middlewares.testHeader.headers]
    frameDeny = true
    sslRedirect = true

File (YAML)

http:
  middlewares:
    testHeader:
      headers:
        frameDeny: true
        sslRedirect: true

CORS Headers

CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above. This functionality allows more advanced security features to be set quickly.

Docker

labels:
  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"

Kubernetes

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: testHeader
spec:
  headers:
    accessControlAllowMethods:
      - "GET"
      - "OPTIONS"
      - "PUT"
    accessControlAllowOrigin: "origin-list-or-null"
    accessControlMaxAge: 100
    addVaryHeader: true

Marathon

"labels": {
  "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
  "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin": "origin-list-or-null",
  "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
  "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
}

Rancher

labels:
  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"

File (TOML)

[http.middlewares]
  [http.middlewares.testHeader.headers]
    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
    accessControlAllowOrigin = "origin-list-or-null"
    accessControlMaxAge = 100
    addVaryHeader = true

File (YAML)

http:
  middlewares:
    testHeader:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlAllowOrigin: "origin-list-or-null"
        accessControlMaxAge: 100
        addVaryHeader: true

Configuration Options

General

Warning

If the custom header name is the same as one header name of the request or response, it will be replaced.

The detailed documentation for the security headers can be found in unrolled/secure.

customRequestHeaders

The customRequestHeaders option lists the header names and values to apply to the request.

customResponseHeaders

The customResponseHeaders option lists the header names and values to apply to the response.

accessControlAllowCredentials

accessControlAllowCredentials indicates whether the request can include user credentials.

accessControlAllowHeaders

accessControlAllowHeaders indicates which header field names can be used as part of the request.

accessControlAllowMethods

accessControlAllowMethods indicates which methods can be used during requests.

accessControlAllowOrigin

accessControlAllowOrigin indicates whether a resource can be shared by returning different values. The three options for this value are:

  • origin-list-or-null
  • *
  • null

accessControlExposeHeaders

accessControlExposeHeaders indicates which headers are safe to expose to the API of a CORS API specification.

accessControlMaxAge

accessControlMaxAge indicates how long a preflight request can be cached.

addVaryHeader

addVaryHeader is used in conjunction with accessControlAllowOrigin to determine whether the Vary header should be added or modified, to demonstrate that server responses can differ based on the value of the Origin header.
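To see how the CORS options above (and the "CORS Headers" configuration earlier on this page) combine into actual response headers, here is an added example that is not Traefik's own code. It models one request at a time and adds a small review function for the combinations a reviewer should flag. One assumption, drawn from the option's name rather than from this page: origin-list-or-null echoes the request's Origin header and produces null when the request has none.

```python
# Added example (not Traefik's own code): a model of how the CORS options
# translate into response headers, plus a configuration review.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CorsOptions:
    access_control_allow_origin: str = ""        # "origin-list-or-null", "*" or "null"
    access_control_allow_methods: List[str] = field(default_factory=list)
    access_control_allow_headers: List[str] = field(default_factory=list)
    access_control_expose_headers: List[str] = field(default_factory=list)
    access_control_allow_credentials: bool = False
    access_control_max_age: int = 0
    add_vary_header: bool = False


def allow_origin_value(setting: str, request_origin: str) -> Optional[str]:
    """Resolve the Access-Control-Allow-Origin value for one request.

    Assumption (from the option's name, not from the page): origin-list-or-null
    echoes the request's Origin header and yields "null" when there is none.
    """
    if setting == "origin-list-or-null":
        return request_origin or "null"
    if setting in ("*", "null"):
        return setting
    return None  # option unset: no CORS headers at all


def cors_response_headers(opts: CorsOptions, request_origin: str, preflight: bool) -> Dict[str, str]:
    """Headers the middleware would add to one response (preflight=True for OPTIONS)."""
    headers: Dict[str, str] = {}
    origin = allow_origin_value(opts.access_control_allow_origin, request_origin)
    if origin is None:
        return headers
    headers["Access-Control-Allow-Origin"] = origin
    if opts.add_vary_header:
        # Tells caches that the response depends on the request's Origin header.
        headers["Vary"] = "Origin"
    if opts.access_control_allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    if opts.access_control_expose_headers:
        headers["Access-Control-Expose-Headers"] = ",".join(opts.access_control_expose_headers)
    if preflight:
        if opts.access_control_allow_methods:
            headers["Access-Control-Allow-Methods"] = ",".join(opts.access_control_allow_methods)
        if opts.access_control_allow_headers:
            headers["Access-Control-Allow-Headers"] = ",".join(opts.access_control_allow_headers)
        if opts.access_control_max_age > 0:
            headers["Access-Control-Max-Age"] = str(opts.access_control_max_age)
    return headers


def review_cors_options(opts: CorsOptions) -> List[str]:
    """Configuration checks worth running before the middleware is deployed."""
    findings = []
    if opts.access_control_allow_origin == "*" and opts.access_control_allow_credentials:
        findings.append("'*' combined with credentials: browsers reject this pairing, "
                        "so credentialed cross-origin requests will fail")
    if opts.access_control_allow_origin == "origin-list-or-null":
        findings.append("origin-list-or-null echoes the caller's Origin; make sure an "
                        "allow-list is enforced elsewhere (e.g. by the backend) "
                        "if the resource is not meant to be public")
        if not opts.add_vary_header:
            findings.append("addVaryHeader is false while the origin is echoed: shared caches "
                            "may serve one origin's Access-Control-Allow-Origin to another")
    return findings


if __name__ == "__main__":
    # The "CORS Headers" configuration from this page, driven by a constructed preflight.
    page_opts = CorsOptions(access_control_allow_origin="origin-list-or-null",
                            access_control_allow_methods=["GET", "OPTIONS", "PUT"],
                            access_control_max_age=100, add_vary_header=True)
    print(cors_response_headers(page_opts, "https://app.example.test", preflight=True))
    print(review_cors_options(page_opts))
```

The Vary finding is the one most often missed: without Vary: Origin, a cache in front of the proxy may store a response carrying one origin's Access-Control-Allow-Origin value and replay it to a different origin.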

allowedHosts

The allowedHosts option lists fully qualified domain names that are allowed.

hostsProxyHeaders

The hostsProxyHeaders option is a set of header keys that may hold a proxied hostname value for the request.

sslRedirect

Set sslRedirect to true if you want to only allow https requests.

sslTemporaryRedirect

Set sslTemporaryRedirect to true to force an SSL redirection using a 302 (instead of a 301).

sslHost

The sslHost option is the host name that is used to redirect http requests to https.

sslProxyHeaders

The sslProxyHeaders option is a set of header keys with associated values that indicate a valid https request. Useful when using other proxies with headers such as: "X-Forwarded-Proto": "https".

sslForceHost

Set sslForceHost to true and set sslHost to force requests to use sslHost, even those that are already using SSL.

stsSeconds

stsSeconds is the max-age of the Strict-Transport-Security header. If set to 0, the header is not included.

stsIncludeSubdomains

Set stsIncludeSubdomains to true to have the includeSubDomains directive appended to the Strict-Transport-Security header.

stsPreload

Set stsPreload to true to have the preload flag appended to the Strict-Transport-Security header.

forceSTSHeader

Set forceSTSHeader to true to add the STS header even when the connection is HTTP.

frameDeny

Set frameDeny to true to add the X-Frame-Options header with the value DENY.

customFrameOptionsValue

The customFrameOptionsValue option allows the X-Frame-Options header to be set with a custom value. This overrides the frameDeny option.

contentTypeNosniff

Set contentTypeNosniff to true to add the X-Content-Type-Options header with the value nosniff.

browserXssFilter

Set browserXssFilter to true to add the X-XSS-Protection header with the value 1; mode=block.

customBrowserXSSValue

The customBrowserXssValue option allows the X-XSS-Protection header to be set with a custom value. This overrides the browserXssFilter option.

contentSecurityPolicy

The contentSecurityPolicy option allows the Content-Security-Policy header to be set with a custom value.
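The STS, frame, nosniff, XSS-filter and CSP options above interact (stsSeconds of 0 suppresses HSTS, forceSTSHeader lifts the HTTPS-only rule, the custom* values override their boolean counterparts). The following added example, which is not Traefik's own code and applies equally to the "Using Security Headers" configuration earlier on the page, builds the resulting headers from a set of option values and then audits a captured header set the way you would check a deployment with curl -I. The option names are rendered as Python fields; the one-year and includeSubDomains conditions in the audit are the published requirements for HSTS preload lists, not something this page states.

```python
# Added example (not Traefik's own code): how the security options combine
# into response headers, plus an audit of a response header set.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SecurityHeaderOptions:
    sts_seconds: int = 0
    sts_include_subdomains: bool = False
    sts_preload: bool = False
    force_sts_header: bool = False
    frame_deny: bool = False
    custom_frame_options_value: str = ""
    content_type_nosniff: bool = False
    browser_xss_filter: bool = False
    custom_browser_xss_value: str = ""
    content_security_policy: str = ""
    referrer_policy: str = ""


def security_response_headers(opts: SecurityHeaderOptions, is_https: bool) -> Dict[str, str]:
    """Build the headers the options describe for one response."""
    h: Dict[str, str] = {}
    # stsSeconds == 0 means no header; without forceSTSHeader it is only sent over HTTPS.
    if opts.sts_seconds > 0 and (is_https or opts.force_sts_header):
        value = f"max-age={opts.sts_seconds}"
        if opts.sts_include_subdomains:
            value += "; includeSubDomains"
        if opts.sts_preload:
            value += "; preload"
        h["Strict-Transport-Security"] = value
    # customFrameOptionsValue overrides frameDeny.
    if opts.custom_frame_options_value:
        h["X-Frame-Options"] = opts.custom_frame_options_value
    elif opts.frame_deny:
        h["X-Frame-Options"] = "DENY"
    if opts.content_type_nosniff:
        h["X-Content-Type-Options"] = "nosniff"
    # customBrowserXssValue overrides browserXssFilter.
    if opts.custom_browser_xss_value:
        h["X-XSS-Protection"] = opts.custom_browser_xss_value
    elif opts.browser_xss_filter:
        h["X-XSS-Protection"] = "1; mode=block"
    if opts.content_security_policy:
        h["Content-Security-Policy"] = opts.content_security_policy
    if opts.referrer_policy:
        h["Referrer-Policy"] = opts.referrer_policy
    return h


def audit_security_headers(headers: Dict[str, str]) -> List[str]:
    """Findings for a response header set (e.g. one captured with curl -I after deployment)."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = lower.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing (stsSeconds is 0 or the response was not HTTPS)")
    else:
        directives = [d.strip().lower() for d in hsts.split(";")]
        max_age = next((int(d.split("=", 1)[1]) for d in directives if d.startswith("max-age=")), 0)
        # Preload-list requirement: includeSubDomains and a max-age of at least one year.
        if "preload" in directives and ("includesubdomains" not in directives or max_age < 31536000):
            findings.append("preload requires includeSubDomains and a max-age of at least one year")
    if "x-frame-options" not in lower and "frame-ancestors" not in lower.get("content-security-policy", ""):
        findings.append("no clickjacking protection: set frameDeny or a CSP with frame-ancestors")
    if lower.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff: set contentTypeNosniff")
    return findings


if __name__ == "__main__":
    opts = SecurityHeaderOptions(sts_seconds=31536000, sts_include_subdomains=True, sts_preload=True,
                                 frame_deny=True, content_type_nosniff=True, browser_xss_filter=True)
    print(security_response_headers(opts, is_https=True))
    print(audit_security_headers(security_response_headers(opts, is_https=False)))
```

Running the audit against the HTTP (non-HTTPS) output is a useful reminder of why isDevelopment exists: the very same options produce a response without HSTS when the connection is plain HTTP and forceSTSHeader is false.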

publicKey

The publicKey option implements public key pinning to prevent MITM attacks with forged certificates.

referrerPolicy

The referrerPolicy option allows sites to control when browsers will pass the Referer header to other sites.

featurePolicy

The featurePolicy option allows sites to control browser features.

isDevelopment

Set isDevelopment to true when developing. The allowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.
If you would like your development environment to mimic production with complete host blocking, SSL redirects, and STS headers, leave this as false.