Add more selective match to increase the regex precedence

This commit is contained in:
Francesco Antognazza 2023-02-15 14:00:52 +01:00
parent 0957ad5f1c
commit 71a8507928
9 changed files with 29 additions and 15 deletions

View File

@ -50,7 +50,7 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.collabora.entrypoints: "https" traefik.http.routers.collabora.entrypoints: "https"
traefik.http.routers.collabora.rule: "PathPrefix(`/collabora`,`/browser`)" traefik.http.routers.collabora.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/collabora`,`/browser`)"
traefik.http.routers.collabora.tls: "true" traefik.http.routers.collabora.tls: "true"
traefik.http.routers.collabora.tls.certresolver: "wildcard" traefik.http.routers.collabora.tls.certresolver: "wildcard"
traefik.http.routers.collabora.service: "collabora" traefik.http.routers.collabora.service: "collabora"

View File

@ -50,11 +50,11 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.drone-runner.entrypoints: "https" traefik.http.routers.drone-runner.entrypoints: "https"
traefik.http.routers.drone-runner.rule: "PathPrefix(`/runner`)" traefik.http.routers.drone-runner.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/runner/`) || Path(`/runner`))"
traefik.http.routers.drone-runner.tls: "true" traefik.http.routers.drone-runner.tls: "true"
traefik.http.routers.drone-runner.tls.certresolver: "wildcard" traefik.http.routers.drone-runner.tls.certresolver: "wildcard"
traefik.http.routers.drone-runner.service: "drone-runner" traefik.http.routers.drone-runner.service: "drone-runner"
traefik.http.routers.drone-runner.middlewares: "drone-runner-prefixstrip@docker" traefik.http.routers.drone-runner.middlewares: "force-trailing-slash@file,drone-runner-prefixstrip@docker"
traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner" traefik.http.middlewares.drone-runner-prefixstrip.stripprefix.prefixes: "/runner"
traefik.http.services.drone-runner.loadbalancer.server.port: "3000" traefik.http.services.drone-runner.loadbalancer.server.port: "3000"
traefik.docker.network: "traefik-drone-runner" traefik.docker.network: "traefik-drone-runner"

View File

@ -48,11 +48,11 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.drone-server.entrypoints: "https" traefik.http.routers.drone-server.entrypoints: "https"
traefik.http.routers.drone-server.rule: "PathPrefix(`/drone`)" traefik.http.routers.drone-server.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/drone/`) || Path(`/drone`))"
traefik.http.routers.drone-server.tls: "true" traefik.http.routers.drone-server.tls: "true"
traefik.http.routers.drone-server.tls.certresolver: "wildcard" traefik.http.routers.drone-server.tls.certresolver: "wildcard"
traefik.http.routers.drone-server.service: "drone-server" traefik.http.routers.drone-server.service: "drone-server"
traefik.http.routers.drone-server.middlewares: "drone-server-prefixstrip@docker" traefik.http.routers.drone-server.middlewares: "force-trailing-slash@file,drone-server-prefixstrip@docker"
traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone" traefik.http.middlewares.drone-server-prefixstrip.stripprefix.prefixes: "/drone"
traefik.http.services.drone-server.loadbalancer.server.port: "80" traefik.http.services.drone-server.loadbalancer.server.port: "80"
traefik.docker.network: "traefik-drone" traefik.docker.network: "traefik-drone"

View File

@ -100,11 +100,11 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.gitea.entrypoints: "https" traefik.http.routers.gitea.entrypoints: "https"
traefik.http.routers.gitea.rule: "PathPrefix(`/git`)" traefik.http.routers.gitea.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/git/`) || Path(`/git`))"
traefik.http.routers.gitea.tls: "true" traefik.http.routers.gitea.tls: "true"
traefik.http.routers.gitea.tls.certresolver: "wildcard" traefik.http.routers.gitea.tls.certresolver: "wildcard"
traefik.http.routers.gitea.service: "gitea" traefik.http.routers.gitea.service: "gitea"
traefik.http.routers.gitea.middlewares: "gitea-prefixstrip@docker" traefik.http.routers.gitea.middlewares: "force-trailing-slash@file,gitea-prefixstrip@docker"
traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git" traefik.http.middlewares.gitea-prefixstrip.stripprefix.prefixes: "/git"
traefik.http.services.gitea.loadbalancer.server.port: "3000" traefik.http.services.gitea.loadbalancer.server.port: "3000"
traefik.docker.network: "traefik-gitea" traefik.docker.network: "traefik-gitea"

View File

@ -145,11 +145,11 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.nextcloud.entrypoints: "https" traefik.http.routers.nextcloud.entrypoints: "https"
traefik.http.routers.nextcloud.rule: "PathPrefix(`/cloud`)" traefik.http.routers.nextcloud.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cloud/`) || Path(`/cloud`))"
traefik.http.routers.nextcloud.tls: "true" traefik.http.routers.nextcloud.tls: "true"
traefik.http.routers.nextcloud.tls.certresolver: "wildcard" traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
traefik.http.routers.nextcloud.service: "nextcloud" traefik.http.routers.nextcloud.service: "nextcloud"
traefik.http.routers.nextcloud.middlewares: "nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file" traefik.http.routers.nextcloud.middlewares: "force-trailing-slash@file,nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file"
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/.well-known/(card|cal)dav" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/.well-known/(card|cal)dav"
traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/remote.php/dav/" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/remote.php/dav/"

View File

@ -48,11 +48,11 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.routers.portainer.entrypoints: "https" traefik.http.routers.portainer.entrypoints: "https"
traefik.http.routers.portainer.rule: "PathPrefix(`/portainer`)" traefik.http.routers.portainer.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/portainer/`) || Path(`/portainer`))"
traefik.http.routers.portainer.tls: "true" traefik.http.routers.portainer.tls: "true"
traefik.http.routers.portainer.tls.certresolver: "wildcard" traefik.http.routers.portainer.tls.certresolver: "wildcard"
traefik.http.routers.portainer.service: "portainer" traefik.http.routers.portainer.service: "portainer"
traefik.http.routers.portainer.middlewares: "portainer-prefixstrip@docker" traefik.http.routers.portainer.middlewares: "force-trailing-slash@file,portainer-prefixstrip@docker"
traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer" traefik.http.middlewares.portainer-prefixstrip.stripprefix.prefixes: "/portainer"
traefik.http.services.portainer.loadbalancer.server.port: "9000" traefik.http.services.portainer.loadbalancer.server.port: "9000"
traefik.docker.network: "traefik-portainer" traefik.docker.network: "traefik-portainer"

View File

@ -0,0 +1,15 @@
http:
middlewares:
force-trailing-slash:
chain:
middlewares:
- add-trailing-slash
- strip-after-slash
add-trailing-slash:
redirectregex:
regex: "^(https?://[^/]+/[a-z0-9_]+)$"
replacement: "${1}/"
permanent: true
strip-after-slash:
stripprefixregex:
regex: "/[a-z0-9_]+"

View File

@ -104,9 +104,8 @@
io.containers.autoupdate: "registry" io.containers.autoupdate: "registry"
traefik.enable: "true" traefik.enable: "true"
traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}" traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
traefik.http.middlewares.traefik-prefixstrip.stripprefix.prefixes: "/traefik"
traefik.http.routers.traefik.entrypoints: "https" traefik.http.routers.traefik.entrypoints: "https"
traefik.http.routers.traefik.rule: "PathPrefix(`/traefik`) || HeadersRegexp(`Referer`, `.*/traefik/.*`)" traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && PathPrefix(`/api`,`/dashboard`)"
traefik.http.routers.traefik.middlewares: "traefik-auth@docker" traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
traefik.http.routers.traefik.tls: "true" traefik.http.routers.traefik.tls: "true"
traefik.http.routers.traefik.tls.certresolver: "wildcard" traefik.http.routers.traefik.tls.certresolver: "wildcard"

View File

@ -1,10 +1,10 @@
http: http:
routers: routers:
cockpit: cockpit:
rule: "PathPrefix(`/cockpit`)" rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/cockpit/`) || Path(`/cockpit`))"
entryPoints: https entryPoints: https
middlewares: middlewares:
- cockpit-stripprefix - force-trailing-slash
service: cockpit service: cockpit
tls: tls:
certresolver: wildcard certresolver: wildcard