I'm trying to achieve the redirect configuration of Traefik on one of the containers in the docker-compose file. I found a similar configuration called merge_slashes in the Nginx service configuration. This is exactly the same behavior I want to achieve.
Tried the regex alternative approach for Nginx service described here: https://www.ctrl.blog/entry/relative-double-slashes-url.html
rewrite ^(.*)//(.*)$ $1/$2;
rewrite ^ $uri permanent;
But this approach not works for Traefik.
labels:
traefik.merge_slashes.frontend.rule: 'Host:${PROJECT_BASE_URL}'
traefik.merge_slashes.frontend.redirect.regex: '(.*)\\/\\/+(.*)'
traefik.merge_slashes.frontend.redirect.replacement: '$${1}/$${2}'
traefik.merge_slashes.frontend.redirect.permanent: 'true'
Something expected achieved by using following configurations:
labels:
traefik.merge_slashes.frontend.rule: 'Host:${PROJECT_BASE_URL}'
traefik.merge_slashes.frontend.redirect.regex: '(.*\\:\\/\\/.*)\\/\\/+(.*)'
traefik.merge_slashes.frontend.redirect.replacement: '$${1}/$${2}'
traefik.merge_slashes.frontend.redirect.permanent: 'true'
But this can follows for too many redirects issue with URL like:
http://localhost/some/////////////////////////////////////////////example///url
Related
We decided to move from the subdomain structure to one root domain with path prefixes, but we got many old URLs on the internet. So is there any way to add a redirect from the old URL to the new one?
For example,
We got subdomain test.example.com switched to example.com/test, I can access correctly site with the string in docker-swarm YAML file
traefik.frontend.rule: Host:example.com;PathPrefixStrip:/test
but when I'm trying to add to Traefik config redirects like:
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^https://(*).example.com/)"
replacement = "^https://example.com/${1}"
Traefik says that it doesn't know where to forward this request
If I'm trying to add:
traefik.frontend.rule: Host:test.example.com,example.com;PathPrefixStrip:/test
Traefik adds a prefix to both hosts. Is there any way to resolve this without adding a second reverse proxy?
Assuming that you are using Traefik 2.1, you can use the below middleware for Traefik
[http.middlewares]
[http.middlewares.blog-redirect.redirectRegex]
regex = "^(https?://)(.*).example.com/(.*)$"
replacement = "${1}example.com/${2}/${3}"
permanent = true
The important step to activate the above middleware is to add the below label on the corresponding router and service. For instance, if you a a blog service and you defined a blog router for it, then you need to add the below table to the services
traefik.http.routers.blog.middlewares=blog-redirect
In addition, your route rule should look like the below rule to be able to handle both domains (or you define multiple routes per service)
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/test`) || Host(`api.example.com``)
in this post, you can find more info about traffic and redirection
I am working on a kubernetes cluster and problem faced is:
From UI/browser, I can see it is sending a request header called "request_id" please refer to image:
But while checking on backend it is unavailable. While searching through internet, I could see that people are talking about adding following entry to Ingress object:
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header request_id "$req_id";
But it is generating a new value for this and not passing value submitted by browser.
Any ideas, what might be missing here?
If you want to pass a custom header to your backend, you need to use this kind of annotation:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Request-Id: $request_id
In your configuration you are using the variable $req_id, but you need to pass the variable sent by UI/browser.
Basically, ingress-nginx-controller drops any request headers that contains "_" in them. You can find various threads which discuss this issue like,
Why HTTP servers forbid underscores in HTTP header names
So, I just enabled ingress controller to pass such request headers. This can be done by adding following entry to configmap "nginx-configuration"
data:
enable-underscores-in-headers: "true"
IMO, this is a much clean solution as there could be many applications that might use "_" in request headers.
I am having difficulty in understanding the rewrite annotation in k8s ingress. Can someone please help me in understanding it with an example.
For Eg:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
I checked this Link out but it's still not very clear how the slashes and arguments work out here.
Thanks !
Please refer to this stackoverflow post, this will be helpful for you.
In this post you can see that hostname/api points to backend service, and the rewrite actually makes the url to get converted from hostname/api to hostname.
Rewrite comes handy when frontend and backend services are to be mapped to one hostname only
I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingresss controller according to this link . In the annotation of the ingress I set SecRuleEngine On.
When I use nikto to do some scans and try to trigger the owasp rules I only see 400 responses in the ingress logging. I would expect 403 responses. Anyone any idea on what I am doing wrong or what to check?
Followed the instructions on:
https://karlstoney.com/2018/02/23/nginx-ingress-modsecurity-and-secchatops/
The only thing I had to change was "SecAuditLog /var/log/modsec/audit.log". Changed it to SecAuditLog /var/log/modsec_audit.log
There are hosting with nginx configured for many sites.
Now we want allow users to configure redirections. They look like:
/page/from.html /page/to.thml
... ...
Does it possible to say nginx to look into specified file for site and do redirection if request match?
UPD
Better solution be when nginx should not be required to restart.
You can add this configuration in nginx default config file :
map $old_uri $redirects {
example.com/def example.com/abc;
example.com/def example.com/abc;
}
Link