Middlewares

调整请求

Overview

中间件连接到路由器,是一种在请求发送到您的服务之前(或在服务的答案发送到客户端之前)调整请求的方法.

Traefik中有许多不同的可用中间件,其中一些可以修改请求,标头,一些负责重定向,一些添加身份验证,等等.

中间件可以链式组合以适应各种情况.

Configuration Example

# As a Docker Label
whoami:
  #  A container that exposes an API to show its IP address
  image: containous/whoami
  labels:
    # Create a middleware named `foo-add-prefix`
    - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
    # Apply the middleware named `foo-add-prefix` to the router named `router1`
    - "[email protected]"
# As a Kubernetes Traefik IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: middlewares.traefik.containo.us
spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: stripprefix
spec:
  stripPrefix:
    prefixes:
      - /stripit

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroute
spec:
# more fields...
  routes:
    # more fields...
    middlewares:
      - name: stripprefix
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "[email protected]talog"
"labels": {
  "traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
  "traefik.http.routers.router1.middlewares": "[email protected]"
}
# As a Rancher Label
labels:
  # Create a middleware named `foo-add-prefix`
  - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
  # Apply the middleware named `foo-add-prefix` to the router named `router1`
  - "[email protected]"
# As TOML Configuration File
[http.routers]
  [http.routers.router1]
    service = "myService"
    middlewares = ["foo-add-prefix"]
    rule = "Host(`example.com`)"

[http.middlewares]
  [http.middlewares.foo-add-prefix.addPrefix]
    prefix = "/foo"

[http.services]
  [http.services.service1]
    [http.services.service1.loadBalancer]

      [[http.services.service1.loadBalancer.servers]]
        url = "http://127.0.0.1:80"
# As YAML Configuration File
http:
  routers:
    router1:
      service: myService
      middlewares:
        - "foo-add-prefix"
      rule: "Host(`example.com`)"

  middlewares:
    foo-add-prefix:
      addPrefix:
        prefix: "/foo"

  services:
    service1:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:80"

Provider Namespace

声明中间件时,中间件位于其提供程序名称空间中. 例如,如果您使用Docker标签声明中间件,那么该中间件将位于docker provider名称空间中.

如果您使用多个提供程序,并且希望引用在另一个提供程序中声明的中间件(也称为交叉提供者中间件),则必须在中间件名称后加上@分隔符,然后再附加提供程序名称.

<resource-name>@<provider-name>

Kubernetes命名空间

由于Kubernetes也有其自己的名称空间概念,因此不应混淆"提供商名称空间"

在跨提供商使用的上下文中使用资源的" kubernetes命名空间". 在这种情况下,由于中间件的定义不在kubernetes中,因此在引用资源时指定" kubernetes命名空间"没有任何意义,因此即使存在该规范也将被忽略.

引用其他提供商的中间件

在文件提供程序中声明add-foo-prefix.

[http.middlewares]
  [http.middlewares.add-foo-prefix.addPrefix]
    prefix = "/foo"
http:
  middlewares:
    add-foo-prefix:
      addPrefix:
        prefix: "/foo"

使用其他提供程序的add-foo-prefix中间件:

your-container: #
  image: your-docker-image

  labels:
    # Attach [email protected] middleware (declared in file)
    - "[email protected]e"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutestripprefix

spec:
  entryPoints:
    - web
  routes:
    - match: Host(`bar.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
      middlewares:
        - name: [email protected]
        # namespace: bar
        # A namespace specification such as above is ignored
        # when the cross-provider syntax is used.

Available Middlewares

Middleware Purpose Area
AddPrefix 添加路径前缀 路径编辑
BasicAuth 基本身份验证机制 安全,认证
Buffering 缓冲请求/响应 请求生命周期
Chain 结合多个中间件 中间件工具
CircuitBreaker 停止拨打不健康的服务 请求生命周期
Compress 压缩回应 内容编辑
DigestAuth 添加摘要式身份验证 安全,认证
Errors 定义自定义错误页面 请求生命周期
ForwardAuth 认证委托 安全,认证
Headers 添加/更新标题 Security
IPWhiteList 限制允许的客户端IP 安全性,请求生命周期
InFlightReq 限制同时连接的数量 安全性,请求生命周期
PassTLSClientCert 在标题中添加客户端证书 Security
RateLimit 限制通话频率 安全性,请求生命周期
RedirectScheme 轻松地将客户重定向到其他地方 请求生命周期
RedirectRegex 将客户重定向到其他地方 请求生命周期
ReplacePath 更改请求的路径 路径编辑
ReplacePathRegex 更改请求的路径 路径编辑
Retry 发生错误时自动重试请求 请求生命周期
StripPrefix 更改请求的路径 路径编辑
StripPrefixRegex 更改请求的路径 路径编辑