Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Traefik Plugins #307

Open
Bispo1986 opened this issue Mar 8, 2023 · 1 comment
Open

Traefik Plugins #307

Bispo1986 opened this issue Mar 8, 2023 · 1 comment

Comments

@Bispo1986
Copy link

Hello there.

First and foremost thank you very much for you guides and Repo about Home Serving. Followed your steps to traefik+authelia+Cloudflare DNS, etc. Till now with success.

  • Wanted to ask you about how to implement Plugins on traefik within your config, because you use Traefik with CLI commands and middleware chains. I have tested until now several plugins, whereby Traefik sees it and loads it without a problem, doesnt report errors around it, but will always fail on all subdomains, where i always have a 404 error.

----> my Middlewares.yml is exactly how you have yours.
----> my Middlewares-chains.yml are very simple:
http:
middlewares:
chain-no-auth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-compress

chain-basic-auth:
  chain:
    middlewares:
      - middlewares-rate-limit
      - middlewares-https-redirectscheme
      - middlewares-secure-headers
      - middlewares-basic-auth
      - middlewares-compress

chain-authelia:
  chain:
    middlewares:
      - middlewares-rate-limit
      - middlewares-https-redirectscheme
      - middlewares-secure-headers
      - middlewares-authelia
      - middlewares-compress
  • Now from this logic, once i insert the CLI commands on the Docker Compose file with the plugin, i follow the traefik plugin guide, because the majority need a static and a dynamic config. So in tha sense i configure the Middlewares, and call that in the chain, like so:

chain-authelia:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-https-redirectscheme
- middlewares-secure-headers
- middlewares-authelia
- middlewares-compress
- my-geoblock

where i add the new middleware to the chain. I recreate the container with this configuration:

static:
--experimental.plugins.geoblock.modulename=github.com/PascalMinder/geoblock
--experimental.plugins.geoblock.version=v0.2.5

dynamic:

http:
middlewares:
my-geoblock:
plugin:
geoblock:
allowLocalRequests: "false"
allowUnknownCountries: "false"
api: https://get.geojs.io/v1/ip/country/{ip}
apiTimeoutMs: "150"
cacheSize: "15"
countries:
- CH
forceMonthlyUpdate: "true"
logAllowedRequests: "false"
logApiRequests: "true"
logLocalRequests: "false"
unknownCountryApiResponse: nil

and ofc i call the dynamic on the chain.

It doesnt work no matter what i try. The plugin here is only an example.
This happens with every Plugin. As i said no error comes out of traefik itself and the plugin is loaded without a problem.

I would ask you, if and when you got the time, to make a guide with the new crowdsec plugin for traefik, where the traefik-bouncer is configured as a plugin. That one would be of interest given that the one mentioned in your guide no longer shows as stable by traefik.
@chk86
Copy link

chk86 commented Dec 18, 2023

I was able to get the new crowdsec plugin working in traefik. It's the only traefik plugin I have enabled right now.

It's hard to see the indentations and code in your middlewares with the geoblock, so I'm not sure about why your setup is giving you 404s.

But here's what I have for the crowdsec plugin:

Middlewares.yml

crowdsec-bouncer-plugin:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          Enabled: true
          logLevel: INFO
          updateIntervalSeconds: 60
          defaultDecisionSeconds: 60
          httpTimeoutSeconds: 10
          crowdsecMode: none
          crowdsecLapiKey: <lapikey>
          crowdsecLapiHost: crowdsec:8080
          crowdsecLapiScheme: http
          crowdsecLapiTLSInsecureVerify: false
          forwardedHeadersTrustedIPs: 
            - ipaddress
          clientTrustedIPs: 
            - ipaddress
          forwardedHeadersCustomName: X-Custom-Header

traefik compose

# Traefik 2 - Reverse Proxy
  traefik:
    <<: *common-keys-core # See EXTENSION FIELDS at the top
    container_name: traefik
    image: traefik:2.10
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true   
      - --experimental.plugins.crowdsec-bouncer-traefik-plugin.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      - --experimental.plugins.crowdsec-bouncer-traefik-plugin.version=v1.1.16

And then I just added the crowdsec bouncer middlewares to my middlewares-chain:

http:
  middlewares:
    chain-authelia:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer # leave this out if you are not using CrowdSec
          - crowdsec-bouncer-plugin
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-authelia
          - middlewares-compress

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chk86 @Bispo1986