mirror of
https://github.com/containous/traefik.git
synced 2025-12-06 00:23:54 +03:00
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
34b91218f4 | ||
|
8bdcd72042 | ||
|
2ad42cd0ec |
40
CHANGELOG.md
40
CHANGELOG.md
@@ -1,43 +1,3 @@
|
||||
## [v3.6.3](https://github.com/traefik/traefik/tree/v3.6.3) (2025-12-04)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.6.2...v3.6.3)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.29.0 ([#12333](https://github.com/traefik/traefik/pull/12333) by [ldez](https://github.com/ldez))
|
||||
- **[k8s/ingress-nginx]** Fix SSL redirect to match NGINX behavior ([#12361](https://github.com/traefik/traefik/pull/12361) by [mmatur](https://github.com/mmatur))
|
||||
- **[k8s/ingress-nginx]** Fix the service name for ingress-nginx provider ([#12352](https://github.com/traefik/traefik/pull/12352) by [mmatur](https://github.com/mmatur))
|
||||
- **[k8s/ingress-nginx]** Fix nginx.ingress.kubernetes.io/proxy-ssl-verify annotation support ([#12351](https://github.com/traefik/traefik/pull/12351) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[middleware,authentication]** Change ForwardAuth error log level from DEBUG to ERROR ([#12324](https://github.com/traefik/traefik/pull/12324) by [murataslan1](https://github.com/murataslan1))
|
||||
|
||||
**Documentation:**
|
||||
- **[api]** Fix typo in API dashboard configuration instructions ([#12335](https://github.com/traefik/traefik/pull/12335) by [NAICOLAS](https://github.com/NAICOLAS))
|
||||
- **[docker]** Add documentation for loadbalancer.server.url in Docker and Swarm providers ([#12289](https://github.com/traefik/traefik/pull/12289) by [webash](https://github.com/webash))
|
||||
- **[k8s/gatewayapi]** Fix links of Helm chart values reference to providers.kubernetesGateway.enabled ([#12315](https://github.com/traefik/traefik/pull/12315) by [shouhei](https://github.com/shouhei))
|
||||
- **[k8s/ingress-nginx]** Fix default value of ingress-nginx provider in documentation ([#12328](https://github.com/traefik/traefik/pull/12328) by [mloiseleur](https://github.com/mloiseleur))
|
||||
- **[k8s/ingress-nginx]** NGINX Ingress Controller to Traefik Migration Guide ([#12318](https://github.com/traefik/traefik/pull/12318) by [sheddy-traefik](https://github.com/sheddy-traefik))
|
||||
- **[k8s/ingress-nginx]** Improve the configuration options display of the Kubernetes ingress-nginx provider ([#12297](https://github.com/traefik/traefik/pull/12297) by [mloiseleur](https://github.com/mloiseleur))
|
||||
- **[k8s/ingress-nginx]** Improve ingress-nginx provider documentation ([#12288](https://github.com/traefik/traefik/pull/12288) by [sheddy-traefik](https://github.com/sheddy-traefik))
|
||||
- **[service]** Fix loadbalancer doc for highest random weight ([#12283](https://github.com/traefik/traefik/pull/12283) by [ozon2](https://github.com/ozon2))
|
||||
- Correctly Format the HTTP Service Documentation ([#12311](https://github.com/traefik/traefik/pull/12311) by [sheddy-traefik](https://github.com/sheddy-traefik))
|
||||
- Add documentation about checkNewVersion ([#12298](https://github.com/traefik/traefik/pull/12298) by [darkweaver87](https://github.com/darkweaver87))
|
||||
|
||||
**Misc:**
|
||||
- Merge branch v2.11 into v3.6 ([#12364](https://github.com/traefik/traefik/pull/12364) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- Merge branch v2.11 into v3.6 ([#12341](https://github.com/traefik/traefik/pull/12341) by [mmatur](https://github.com/mmatur))
|
||||
|
||||
## [v2.11.32](https://github.com/traefik/traefik/tree/v2.11.32) (2025-12-04)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v2.11.31...v2.11.32)
|
||||
|
||||
**Bug fixes:**
|
||||
- **[server]** Reject suspicious encoded characters ([#12360](https://github.com/traefik/traefik/pull/12360) by [rtribotte](https://github.com/rtribotte))
|
||||
- **[plugins]** Validate plugin module name ([#12291](https://github.com/traefik/traefik/pull/12291) by [kevinpollet](https://github.com/kevinpollet))
|
||||
- **[http3]** Bump github.com/quic-go/quic-go to v0.57.1 ([#12319](https://github.com/traefik/traefik/pull/12319) by [GreyXor](https://github.com/GreyXor))
|
||||
- **[http3]** Bump github.com/quic-go/quic-go to v0.57.0 ([#12308](https://github.com/traefik/traefik/pull/12308) by [GreyXor](https://github.com/GreyXor))
|
||||
- **[server]** Bump golang.org/x/crypto to v0.45.0 ([#12296](https://github.com/traefik/traefik/pull/12296) by [kevinpollet](https://github.com/kevinpollet))
|
||||
|
||||
**Documentation:**
|
||||
- Update SECURITY.md to streamline information ([#12310](https://github.com/traefik/traefik/pull/12310) by [emilevauge](https://github.com/emilevauge))
|
||||
- Update SECURITY.md ([#12304](https://github.com/traefik/traefik/pull/12304) by [cwayne18](https://github.com/cwayne18))
|
||||
|
||||
## [v3.6.2](https://github.com/traefik/traefik/tree/v3.6.2) (2025-11-18)
|
||||
[All Commits](https://github.com/traefik/traefik/compare/v3.6.1...v3.6.2)
|
||||
|
||||
|
||||
@@ -1,678 +0,0 @@
|
||||
---
|
||||
title: "Migrate from Ingress NGINX Controller to Traefik"
|
||||
description: "Step-by-step guide to migrate from Kubernetes Ingress NGINX Controller to Traefik with zero downtime and annotation compatibility."
|
||||
---
|
||||
|
||||
# Migrate from Ingress NGINX Controller to Traefik
|
||||
|
||||
How to migrate from Ingress NGINX Controller to Traefik with zero downtime.
|
||||
{: .subtitle }
|
||||
|
||||
---
|
||||
|
||||
!!! danger "Ingress NGINX Controller Retirement"
|
||||
|
||||
The Kubernetes Ingress NGINX Controller project has announced its retirement in **March 2026**. After this date:
|
||||
|
||||
- No new releases or updates
|
||||
- No security patches
|
||||
- No bug fixes
|
||||
|
||||
For more information, see the [official Kubernetes blog announcement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement).
|
||||
|
||||
## What You Will Achieve
|
||||
|
||||
By completing this migration, your existing Ingress resources will work with Traefik without any modifications. The Traefik Kubernetes Ingress NGINX Provider automatically translates NGINX annotations into Traefik configuration:
|
||||
|
||||
```yaml tab="Your Existing Ingress (No Changes Needed)"
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: myapp
|
||||
annotations:
|
||||
# These NGINX annotations are automatically translated by Traefik
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/enable-cors: "true"
|
||||
nginx.ingress.kubernetes.io/cors-allow-origin: "https://example.com"
|
||||
nginx.ingress.kubernetes.io/affinity: "cookie"
|
||||
nginx.ingress.kubernetes.io/session-cookie-name: "route"
|
||||
spec:
|
||||
ingressClassName: nginx # ← Traefik will watch this class
|
||||
rules:
|
||||
- host: myapp.example.com
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: whoami
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: whoami
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: whoami
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: whoami
|
||||
spec:
|
||||
containers:
|
||||
- name: whoami
|
||||
image: traefik/whoami
|
||||
ports:
|
||||
- containerPort: 80
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: whoami
|
||||
spec:
|
||||
selector:
|
||||
app: whoami
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
```
|
||||
|
||||
For a complete list of supported annotations and behavioral differences, see the [Ingress NGINX Routing Configuration](../reference/routing-configuration/kubernetes/ingress-nginx.md) documentation.
|
||||
|
||||
!!! info "Traefik Version Requirement"
|
||||
|
||||
The Kubernetes Ingress NGINX provider requires **Traefik v3.6.2 or later**.
|
||||
|
||||
---
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before starting the migration, ensure you have:
|
||||
|
||||
- **Existing Ingress NGINX Controller** running in your Kubernetes cluster
|
||||
- **Kubernetes cluster access** with `kubectl` configured
|
||||
- **Cluster support for running multiple LoadBalancer services** on ports 80/443 simultaneously
|
||||
- **Helm**
|
||||
- **Cluster admin permissions** to create RBAC resources
|
||||
- **Backup of critical configurations** (Ingress resources, ConfigMaps, Secrets)
|
||||
|
||||
!!! tip "Backup Recommendations"
|
||||
|
||||
```bash
|
||||
# Export all Ingress resources
|
||||
kubectl get ingress --all-namespaces -o yaml > ingress-backup.yaml
|
||||
|
||||
# Export NGINX ConfigMaps
|
||||
kubectl get configmap --all-namespaces -l app.kubernetes.io/name=ingress-nginx -o yaml > nginx-configmaps.yaml
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Migration Strategy Overview
|
||||
|
||||
This migration achieves **zero downtime** by running Traefik alongside NGINX. Both controllers serve the same Ingress resources simultaneously, allowing you to progressively shift traffic before removing NGINX.
|
||||
|
||||
```text
|
||||
Current: DNS → LoadBalancer → NGINX → Your Services
|
||||
|
||||
Migration: DNS → LoadBalancer → NGINX → Your Services
|
||||
→ LoadBalancer → Traefik → Your Services
|
||||
|
||||
Final: DNS → LoadBalancer → Traefik → Your Services
|
||||
```
|
||||
|
||||
**Migration Flow:**
|
||||
|
||||
1. Install Traefik alongside NGINX (both serving traffic in parallel)
|
||||
2. Add Traefik LoadBalancer to DNS (if you choose DNS option; cf. step 3)
|
||||
3. Progressively shift traffic from NGINX to Traefik
|
||||
4. Remove NGINX from DNS, preserve the IngressClass, and uninstall
|
||||
|
||||
---
|
||||
|
||||
## Step 1: Install Traefik Alongside NGINX
|
||||
|
||||
??? info "Install Ingress NGINX Controller"
|
||||
|
||||
If you have not installed Ingress NGINX Controller yet, you can set up a fresh Ingress NGINX Controller installation following the instructions below:
|
||||
|
||||
### Install Ingress NGINX Controller
|
||||
|
||||
```bash
|
||||
helm upgrade --install ingress-nginx ingress-nginx \
|
||||
--repo https://kubernetes.github.io/ingress-nginx \
|
||||
--namespace ingress-nginx --create-namespace
|
||||
```
|
||||
Install Traefik with the Kubernetes Ingress NGINX provider enabled. Both controllers will serve the same Ingress resources simultaneously.
|
||||
|
||||
### Add Traefik Helm Repository
|
||||
|
||||
```bash
|
||||
helm repo add traefik https://traefik.github.io/charts
|
||||
helm repo update
|
||||
```
|
||||
|
||||
### Install Traefik
|
||||
|
||||
```bash
|
||||
helm upgrade --install traefik traefik/traefik \
|
||||
--namespace traefik --create-namespace \
|
||||
--set providers.kubernetesIngressNginx.enabled=true
|
||||
```
|
||||
|
||||
Or using a [values file](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/VALUES.md) for more configuration:
|
||||
|
||||
```yaml tab="traefik-values.yaml"
|
||||
...
|
||||
providers:
|
||||
kubernetesIngressNginx:
|
||||
enabled: true
|
||||
...
|
||||
```
|
||||
|
||||
```bash
|
||||
helm upgrade --install traefik traefik/traefik \
|
||||
--namespace traefik --create-namespace \
|
||||
--values traefik-values.yaml
|
||||
```
|
||||
|
||||
### Verify Both Controllers Are Running
|
||||
|
||||
```bash
|
||||
# Check NGINX pods
|
||||
kubectl get pods -n ingress-nginx
|
||||
|
||||
# Check Traefik pods
|
||||
kubectl get pods -n traefik
|
||||
|
||||
# Check both services have LoadBalancer IPs
|
||||
kubectl get svc -n ingress-nginx ingress-nginx-controller
|
||||
kubectl get svc -n traefik traefik
|
||||
```
|
||||
|
||||
At this point, both NGINX and Traefik are running and can serve the same Ingress resources. Traffic is still flowing only through NGINX since DNS points to the NGINX LoadBalancer.
|
||||
|
||||
---
|
||||
|
||||
## Step 2: Verify Traefik Is Handling Traffic
|
||||
|
||||
Before adding Traefik to DNS, verify it correctly serves your Ingress resources.
|
||||
|
||||
### Test via Traefik's LoadBalancer IP
|
||||
|
||||
Get Traefik's LoadBalancer IP and use `--resolve` to test without changing DNS:
|
||||
|
||||
```bash
|
||||
# Get LoadBalancer IPs
|
||||
NGINX_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller -o go-template='{{ $ing := index .status.loadBalancer.ingress 0 }}{{ if $ing.ip }}{{ $ing.ip }}{{ else }}{{ $ing.hostname }}{{ end }}')
|
||||
TRAEFIK_IP=$(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .status.loadBalancer.ingress 0 }}{{ if $ing.ip }}{{ $ing.ip }}{{ else }}{{ $ing.hostname }}{{ end }}')
|
||||
echo -e "Nginx IP: $NGINX_IP\nTraefik IP: $TRAEFIK_IP"
|
||||
|
||||
# Test HTTP for both
|
||||
FQDN=myapp.example.com
|
||||
# Observe HTTPS redirections:
|
||||
curl --connect-to "${FQDN}:80:${NGINX_IP}:80" "http://${FQDN}" -D -
|
||||
curl --connect-to "${FQDN}:80:${TRAEFIK_IP}:80" "http://${FQDN}" -D - # note X-Forwarded-Server which should be traefik
|
||||
|
||||
# Test HTTPS
|
||||
curl --connect-to "${FQDN}:443:${NGINX_IP}:443" "https://${FQDN}"
|
||||
curl --connect-to "${FQDN}:443:${TRAEFIK_IP}:443" "https://${FQDN}"
|
||||
```
|
||||
|
||||
!!! warning "TLS Certificates During Migration"
|
||||
|
||||
Both NGINX and Traefik must serve valid TLS certificates for HTTPS tests to succeed. Since Traefik is not publicly exposed during this verification phase, **Let's Encrypt HTTP challenge will not work**.
|
||||
|
||||
Your options for TLS certificates during migration:
|
||||
|
||||
- **Existing certificates via `tls.secretName`** - If you use cert-manager or another external tool, your existing TLS secrets referenced in `spec.tls` will work with both controllers
|
||||
- **Let's Encrypt DNS challenge** - Configure Traefik's [ACME DNS challenge](../reference/install-configuration/tls/certificate-resolvers/acme.md#dnschallenge) to obtain certificates without public exposure
|
||||
|
||||
Avoid using `curl -k` (skip certificate verification) as this masks TLS configuration issues that could cause problems after migration.
|
||||
|
||||
### Verify Ingress Discovery
|
||||
|
||||
Check Traefik logs to confirm it discovered your Ingress resources:
|
||||
|
||||
```bash
|
||||
kubectl logs -n traefik deployment/traefik | grep -i "ingress"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Step 3: Shift Traffic to Traefik
|
||||
|
||||
With both controllers running and verified, progressively shift traffic from NGINX to Traefik.
|
||||
|
||||
### Option A: DNS-Based Migration
|
||||
|
||||
Add the Traefik LoadBalancer IP to your DNS records alongside NGINX. This allows both controllers to receive traffic.
|
||||
|
||||
**Get LoadBalancer addresses:**
|
||||
|
||||
```bash
|
||||
# NGINX LoadBalancer
|
||||
echo $(kubectl get svc -n ingress-nginx ingress-nginx-controller -o go-template='{{ $ing := index .status.loadBalancer.ingress 0 }}{{ if $ing.ip }}{{ $ing.ip }}{{ else }}{{ $ing.hostname }}{{ end }}')
|
||||
|
||||
# Traefik LoadBalancer
|
||||
echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .status.loadBalancer.ingress 0 }}{{ if $ing.ip }}{{ $ing.ip }}{{ else }}{{ $ing.hostname }}{{ end }}')
|
||||
```
|
||||
|
||||
**Progressive DNS migration:**
|
||||
|
||||
1. **Add Traefik to DNS** - Add the Traefik LoadBalancer IP to your DNS records (both IPs now receive traffic via round-robin)
|
||||
2. **Monitor** - Observe traffic patterns on both controllers
|
||||
3. **Remove NGINX from DNS** - Once confident, remove the NGINX LoadBalancer IP from DNS
|
||||
4. **Wait for DNS propagation** - Allow time for DNS caches to expire
|
||||
5. **Uninstall NGINX** - Proceed to [Step 4](#step-4-uninstall-ingress-nginx-controller)
|
||||
|
||||
!!! warning "DNS TTL May Not Be Respected"
|
||||
|
||||
Some ISPs ignore DNS TTL values to reduce traffic costs, caching records longer than specified. After removing NGINX from DNS, keep NGINX running for at least 24-48 hours before uninstalling to avoid dropping traffic from users whose ISPs have stale DNS caches.
|
||||
|
||||
??? info "ExternalDNS Users"
|
||||
|
||||
If you use [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) to automatically manage DNS records based on Ingress status, both NGINX and Traefik will compete to update the Ingress status with their LoadBalancer IPs when `publishService` is enabled. Traefik typically wins because it updates faster, which can cause unexpected traffic shifts.
|
||||
|
||||
**Recommended approach for ExternalDNS:**
|
||||
|
||||
1. **[Install Traefik](#step-1-install-traefik-alongside-nginx) with `publishService` disabled**:
|
||||
|
||||
```yaml
|
||||
# traefik-values.yaml
|
||||
providers:
|
||||
kubernetesIngressNginx:
|
||||
enabled: true
|
||||
publishService:
|
||||
enabled: false # Disable to prevent status updates
|
||||
```
|
||||
|
||||
2. **Test Traefik** using [port-forward](#step-2-verify-traefik-is-handling-traffic) or a separate test hostname
|
||||
|
||||
3. **Switch DNS via NGINX** - Configure NGINX to publish Traefik's service address:
|
||||
|
||||
```yaml
|
||||
# nginx-values.yaml
|
||||
controller:
|
||||
publishService:
|
||||
pathOverride: "traefik/traefik" # Points to Traefik's service
|
||||
```
|
||||
|
||||
This makes NGINX update the Ingress status with Traefik's LoadBalancer IP, causing ExternalDNS to point traffic to Traefik.
|
||||
|
||||
4. **Verify traffic flows through Traefik** - At this point, you can still rollback by removing the `pathOverride`
|
||||
|
||||
5. **[Enable `publishService` on Traefik](#step-1-install-traefik-alongside-nginx)** and [uninstall NGINX](#step-5-uninstall-nginx-ingress-controller)
|
||||
|
||||
### Option B: External Load Balancer with Weighted Traffic
|
||||
|
||||
For more control over traffic distribution, use an external load balancer (like Traefik, Cloudflare, AWS ALB, or a dedicated load balancer) in front of both Kubernetes LoadBalancers.
|
||||
|
||||
!!! note "Infrastructure Prerequisite"
|
||||
|
||||
This option assumes you already have an external load balancer in your infrastructure, or are willing to set one up **before** starting the migration. Adding an external load balancer is a significant infrastructure change that should be planned and tested separately from the ingress controller migration.
|
||||
|
||||
**Setup:**
|
||||
|
||||
1. Create an external load balancer pointing to the NGINX Kubernetes LoadBalancer
|
||||
2. Update DNS to point to the external load balancer
|
||||
3. Add the Traefik Kubernetes LoadBalancer to the external load balancer with a low weight (e.g., 10%)
|
||||
4. Gradually increase Traefik's weight while decreasing NGINX's weight
|
||||
5. Once NGINX receives no traffic, uninstall it
|
||||
|
||||
**Example weight progression:**
|
||||
|
||||
| Phase | NGINX Weight | Traefik Weight | Duration |
|
||||
|-------|-------------|----------------|----------|
|
||||
| Initial | 100% | 0% | - |
|
||||
| Start | 90% | 10% | 1 hour |
|
||||
| Increase | 50% | 50% | 2 hour |
|
||||
| Near-complete | 10% | 90% | 4 hour |
|
||||
| Final | 0% | 100% | - |
|
||||
|
||||
!!! tip "External Load Balancer Options"
|
||||
|
||||
- **Cloudflare Load Balancing** - Traffic steering with health checks
|
||||
- **AWS Global Accelerator** - Weighted routing across endpoints
|
||||
- **Google Cloud Load Balancing** - Traffic splitting
|
||||
- **Traefik / HAProxy / NGINX (external)** - Self-hosted option with weighted backends
|
||||
- ...
|
||||
|
||||
### LoadBalancer IP Retention
|
||||
|
||||
If you want Traefik to eventually use the same LoadBalancer IP as NGINX (to simplify DNS management), you can transfer the IP after the migration. Since Traefik is already running with its own LoadBalancer, this can be done with zero downtime.
|
||||
|
||||
**Zero-downtime IP transfer process:**
|
||||
|
||||
1. Traefik is already running with its own LoadBalancer IP (from Step 1)
|
||||
2. Add Traefik's LoadBalancer IP to DNS (traffic now goes to both NGINX and Traefik)
|
||||
3. Remove NGINX's IP from DNS and wait for propagation
|
||||
4. Delete NGINX's LoadBalancer service to release the IP
|
||||
5. Upgrade Traefik to claim the released IP
|
||||
6. (Optional) Remove Traefik's old IP from DNS once the new IP is active
|
||||
|
||||
This way, traffic is always flowing to Traefik during the IP transfer.
|
||||
|
||||
**Get your current NGINX LoadBalancer IP:**
|
||||
|
||||
```bash
|
||||
kubectl get svc -n ingress-nginx ingress-nginx-controller -o go-template='{{ $ing := index .status.loadBalancer.ingress 0 }}{{ if $ing.ip }}{{ $ing.ip }}{{ else }}{{ $ing.hostname }}{{ end }}'
|
||||
```
|
||||
|
||||
??? note "AWS (Network Load Balancer with Elastic IPs)"
|
||||
|
||||
AWS does not support static IPs for Classic Load Balancers. Use Network Load Balancers (NLB) with Elastic IPs instead. This requires the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/) to be installed in your cluster.
|
||||
|
||||
**Pre-allocate Elastic IPs (one per availability zone):**
|
||||
|
||||
```bash
|
||||
aws ec2 allocate-address --domain vpc --region <your-region>
|
||||
# Note the AllocationId (eipalloc-xxx) for each EIP
|
||||
```
|
||||
|
||||
**Update `traefik-values.yaml`:**
|
||||
|
||||
```yaml
|
||||
service:
|
||||
type: LoadBalancer
|
||||
loadBalancerClass: service.k8s.aws/nlb # Requires AWS Load Balancer Controller
|
||||
annotations:
|
||||
service.beta.kubernetes.io/aws-load-balancer-type: "external"
|
||||
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
|
||||
service.beta.kubernetes.io/aws-load-balancer-eip-allocations: "eipalloc-xxx,eipalloc-yyy"
|
||||
```
|
||||
|
||||
For more details, see the [AWS Load Balancer Controller annotations documentation](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/).
|
||||
|
||||
??? note "Azure"
|
||||
|
||||
Azure supports static public IPs for Load Balancers.
|
||||
|
||||
**Identify existing public IP:**
|
||||
|
||||
```bash
|
||||
az network public-ip list --resource-group <your-resource-group> \
|
||||
--query "[?ipAddress=='<your-ip>'].name" -o tsv
|
||||
```
|
||||
|
||||
**Update `traefik-values.yaml`:**
|
||||
|
||||
```yaml
|
||||
service:
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
# Only needed if the public IP is in a different resource group than the AKS cluster
|
||||
service.beta.kubernetes.io/azure-load-balancer-resource-group: "<public-ip-resource-group>"
|
||||
spec:
|
||||
loadBalancerIP: "<your-existing-ip>"
|
||||
```
|
||||
|
||||
For more details, see the [Azure AKS static IP documentation](https://learn.microsoft.com/en-us/azure/aks/static-ip).
|
||||
|
||||
??? note "GCP"
|
||||
|
||||
GCP supports static IPs through reserved regional IP addresses.
|
||||
|
||||
**Reserve or identify existing IP:**
|
||||
|
||||
```bash
|
||||
# List existing static IPs
|
||||
gcloud compute addresses list
|
||||
|
||||
# Or reserve a new regional static IP (must be in the same region as your GKE cluster)
|
||||
gcloud compute addresses create traefik-ip --region <your-cluster-region>
|
||||
```
|
||||
|
||||
**Update `traefik-values.yaml`:**
|
||||
|
||||
```yaml
|
||||
service:
|
||||
type: LoadBalancer
|
||||
spec:
|
||||
loadBalancerIP: "<your-static-ip>"
|
||||
```
|
||||
|
||||
For more details, see the [GKE LoadBalancer Service parameters documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer-parameters).
|
||||
|
||||
??? note "Other Cloud Providers"
|
||||
|
||||
- **DigitalOcean:** Supports `loadBalancerIP` with floating IPs
|
||||
- **Linode:** Supports `loadBalancerIP` specification
|
||||
- **Bare Metal (MetalLB):** Use IP address pools
|
||||
|
||||
**Transfer the IP:**
|
||||
|
||||
Once DNS is pointing to Traefik and your values are configured with the target IP:
|
||||
|
||||
```bash
|
||||
# Ensure Traefik is already receiving traffic via its current LoadBalancer
|
||||
kubectl get svc -n traefik traefik
|
||||
|
||||
# Delete NGINX LoadBalancer service to release the IP
|
||||
kubectl delete svc -n ingress-nginx ingress-nginx-controller
|
||||
|
||||
# Upgrade Traefik to claim the released IP
|
||||
helm upgrade traefik traefik/traefik \
|
||||
--namespace traefik \
|
||||
--values traefik-values.yaml
|
||||
|
||||
# Verify Traefik now has the old NGINX IP
|
||||
kubectl get svc -n traefik traefik
|
||||
```
|
||||
|
||||
!!! tip "Zero Downtime During Helm Upgrade"
|
||||
|
||||
The Helm upgrade only restarts the Traefik pod, not the LoadBalancer service. Traefik uses a `RollingUpdate` deployment strategy by default, so the new pod starts before the old one terminates. For additional safety, configure high availability:
|
||||
|
||||
```yaml
|
||||
# In traefik-values.yaml
|
||||
deployment:
|
||||
replicas: 2
|
||||
|
||||
# Spread pods across nodes to survive node failures
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: traefik
|
||||
app.kubernetes.io/instance: traefik
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
# Ensure at least one pod is always available during disruptions
|
||||
podDisruptionBudget:
|
||||
enabled: true
|
||||
minAvailable: 1
|
||||
```
|
||||
|
||||
With multiple replicas spread across nodes and a PodDisruptionBudget, at least one pod is always running during upgrades and node maintenance.
|
||||
|
||||
---
|
||||
|
||||
## Step 4: Uninstall Ingress NGINX Controller
|
||||
|
||||
Once NGINX is no longer receiving traffic, remove it from your cluster. Before uninstalling, you must ensure the `nginx` IngressClass is preserved. Traefik needs it to continue discovering your Ingresses.
|
||||
|
||||
### Preserve the IngressClass
|
||||
|
||||
??? note "If NGINX Was Installed via Helm"
|
||||
|
||||
Add the `helm.sh/resource-policy: keep` annotation to tell Helm to preserve the IngressClass:
|
||||
|
||||
```bash
|
||||
# Add the required annotation
|
||||
helm upgrade ingress-nginx ingress-nginx \
|
||||
--repo https://kubernetes.github.io/ingress-nginx \
|
||||
--namespace ingress-nginx \
|
||||
--reuse-values \
|
||||
--set-json 'controller.ingressClassResource.annotations={"helm.sh/resource-policy": "keep"}'
|
||||
# Check that the annotation is really here
|
||||
kubectl describe ingressclass nginx
|
||||
```
|
||||
|
||||
The `--reuse-values` flag is critical - it preserves all your existing NGINX configuration. Without it, Helm would reset everything to defaults, potentially breaking your setup.
|
||||
|
||||
!!! info "kubectl annotate/patch/edit does not work"
|
||||
|
||||
Adding the annotation via `kubectl annotate`, `kubectl patch`, or `kubectl edit` will not preserve the IngressClass. Helm stores its release state internally and checks annotations from its internal manifest, not the live cluster state. Only `helm upgrade` updates Helm's internal state.
|
||||
|
||||
??? note "If NGINX Was Installed via GitOps (ArgoCD, Flux)"
|
||||
|
||||
Ensure the `nginx` IngressClass is defined as a standalone resource in your Git repository, separate from the NGINX Helm release:
|
||||
|
||||
```yaml
|
||||
# ingressclass.yaml
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
controller: k8s.io/ingress-nginx
|
||||
```
|
||||
|
||||
??? note "If NGINX Was Installed Manually"
|
||||
|
||||
Create the IngressClass as a standalone resource:
|
||||
|
||||
```bash
|
||||
kubectl apply -f - <<EOF
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: IngressClass
|
||||
metadata:
|
||||
name: nginx
|
||||
spec:
|
||||
controller: k8s.io/ingress-nginx
|
||||
EOF
|
||||
```
|
||||
|
||||
### Delete NGINX Admission Webhook
|
||||
|
||||
You should delete the admission webhook to avoid issues with Ingress modifications after NGINX is removed:
|
||||
|
||||
```bash
|
||||
kubectl delete validatingwebhookconfiguration ingress-nginx-admission
|
||||
kubectl delete mutatingwebhookconfiguration ingress-nginx-admission --ignore-not-found
|
||||
```
|
||||
|
||||
### Uninstall NGINX
|
||||
|
||||
```bash
|
||||
helm uninstall ingress-nginx -n ingress-nginx
|
||||
```
|
||||
|
||||
If you added the `helm.sh/resource-policy: keep` annotation, you should see:
|
||||
|
||||
```text
|
||||
These resources were kept due to the resource policy:
|
||||
[IngressClass] nginx
|
||||
|
||||
release "ingress-nginx" uninstalled
|
||||
```
|
||||
|
||||
### Verify IngressClass Exists
|
||||
|
||||
```bash
|
||||
kubectl get ingressclass nginx
|
||||
```
|
||||
|
||||
In case, the ingressClass is somehow deleted, you can recreate it using the commands in [Preserve the IngressClass](#preserve-the-ingressclass).
|
||||
|
||||
### Clean Up NGINX Namespace
|
||||
|
||||
```bash
|
||||
kubectl delete namespace ingress-nginx
|
||||
```
|
||||
|
||||
!!! success "Migration Complete"
|
||||
|
||||
Congratulations! You have successfully migrated from Ingress NGINX Controller to Traefik with zero downtime. Your existing Ingresses with `ingressClassName: nginx` continue to work, now served by Traefik.
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
There is a dashboard available in Traefik that can help to understand what's going on.
|
||||
Refer to the [dedicated documentation](../reference/install-configuration/api-dashboard.md#configuration-example) to enable it.
|
||||
|
||||
??? note "Ingresses Not Discovered by Traefik"
|
||||
|
||||
```bash
|
||||
# Verify IngressClass exists
|
||||
kubectl get ingressclass nginx
|
||||
|
||||
# Check Traefik provider configuration
|
||||
kubectl logs -n traefik deployment/traefik | grep -i "nginx\|ingress"
|
||||
|
||||
# Verify Ingress has correct ingressClassName
|
||||
kubectl get ingress <name> -o yaml | grep ingressClassName
|
||||
```
|
||||
|
||||
??? note "Annotation Not Working as Expected"
|
||||
|
||||
Some NGINX annotations have behavioral differences in Traefik. Check the [limitations documentation](../reference/routing-configuration/kubernetes/ingress-nginx.md#limitations) for details.
|
||||
|
||||
??? note "TLS Certificates Not Working"
|
||||
|
||||
Existing TLS configurations continue to work with Traefik:
|
||||
|
||||
- Keep `spec.tls` entries exactly as-is; Traefik terminates TLS using the referenced secrets
|
||||
- TLS secrets must stay in the same namespace as the Ingress
|
||||
- NGINX `ssl-redirect` / `force-ssl-redirect` annotations are honored
|
||||
|
||||
```bash
|
||||
# Verify TLS secret exists in the same namespace as Ingress
|
||||
kubectl get secrets -n <namespace>
|
||||
|
||||
# Check secret format
|
||||
kubectl get secret <tls-secret-name> -n <namespace> -o yaml
|
||||
```
|
||||
|
||||
??? note "LoadBalancer IP Not Assigned"
|
||||
|
||||
```bash
|
||||
# Check service status
|
||||
kubectl describe svc -n traefik traefik
|
||||
|
||||
# Check for events
|
||||
kubectl get events -n traefik --sort-by='.lastTimestamp'
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Next Steps
|
||||
|
||||
**Learn More About Traefik:**
|
||||
|
||||
- [Kubernetes Ingress NGINX Install Configuration](../reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md) - Detailed provider configuration
|
||||
- [Kubernetes Ingress NGINX Routing Configuration](../reference/routing-configuration/kubernetes/ingress-nginx.md) - Routing rules and annotation support
|
||||
- [HTTP Middlewares](../reference/routing-configuration/http/middlewares/overview.md) - Extend functionality beyond NGINX annotations
|
||||
- [TLS Configuration](../reference/routing-configuration/http/tls/overview.md) - Advanced TLS and certificate management
|
||||
|
||||
**Enhance Your Setup:**
|
||||
|
||||
- Enable [metrics](../reference/install-configuration/observability/metrics.md) and [tracing](../reference/install-configuration/observability/tracing.md)
|
||||
- Configure [access logs](../reference/install-configuration/observability/logs-and-accesslogs.md) for observability
|
||||
- Explore [Traefik Middlewares](../reference/routing-configuration/http/middlewares/overview.md) for advanced traffic management
|
||||
- Migrate from Nginx-based config to Traefik [IngressRoute](../reference/routing-configuration/kubernetes/crd/http/ingressroute.md) or [Kubernetes Gateway API](../reference/routing-configuration/kubernetes/gateway-api.md)
|
||||
- Consider [Traefik Hub](https://traefik.io/traefik-hub/) for enterprise features like AI & API Gateway, API Management, and advanced security
|
||||
|
||||
---
|
||||
|
||||
## Feedback and Support
|
||||
|
||||
If you encounter issues during migration or have suggestions for improving this guide:
|
||||
|
||||
- **Report Issues:** [GitHub Issues](https://github.com/traefik/traefik/issues)
|
||||
- **Community Support:** [Traefik Community Forum](https://community.traefik.io/)
|
||||
- **Enterprise Support:** [Traefik Labs Commercial Support](https://traefik.io/pricing/)
|
||||
|
||||
We welcome contributions to improve this migration guide. See our [contribution guidelines](../contributing/submitting-pull-requests.md) to get started.
|
||||
@@ -554,25 +554,3 @@ The KubernetesIngressNGINX Provider is no longer experimental in v3.6.2 and can
|
||||
|
||||
1. Remove the `kubernetesIngressNGINX` option from the experimental section
|
||||
2. Configure the provider using the [kubernetesIngressNGINX Provider documentation](../reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md)
|
||||
|
||||
## v3.6.3
|
||||
|
||||
### Encoded Characters in Request Path
|
||||
|
||||
Starting with `v3.6.3`, for security reasons, Traefik now rejects requests with a path containing a specific set of encoded characters by default.
|
||||
|
||||
When such a request is received, Traefik responds with a `400 Bad Request` status code.
|
||||
|
||||
Here is the list of the encoded characters that are rejected by default, along with the corresponding configuration option to allow them:
|
||||
|
||||
| Encoded Character | Character | Config option to allow the encoded character |
|
||||
|-------------------|-------------------------|--------------------------------------------------------------------------------------|
|
||||
| `%2f` or `%2F` | `/` (slash) | `entryPoints.<name>`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSlash` |
|
||||
| `%5c` or `%5C` | `\` (backslash) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedBackSlash` |
|
||||
| `%00` | `NULL` (null character) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedNullCharacter` |
|
||||
| `%3b` or `%3B` | `;` (semicolon) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedSemicolon` |
|
||||
| `%25` | `%` (percent) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedPercent` |
|
||||
| `%3f` or `%3F` | `?` (question mark) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedQuestionMark` |
|
||||
| `%23` | `#` (hash) | `entryPoints.<name>.`<br/>`.http.encodedCharacters`<br/>`.allowEncodedHash` |
|
||||
|
||||
Please check out the entrypoint [encodedCharacters option](../reference/install-configuration/entrypoints.md#opt-http-encodedCharacters) documentation for more details.
|
||||
|
||||
@@ -2041,9 +2041,8 @@ spec:
|
||||
More info: https://doc.traefik.io/traefik/v3.6/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: |-
|
||||
Permanent defines whether the redirection is permanent.
|
||||
For HTTP GET requests a 301 is returned, otherwise a 308 is returned.
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(308).
|
||||
type: boolean
|
||||
port:
|
||||
description: Port defines the port of the new URL.
|
||||
|
||||
@@ -1211,9 +1211,8 @@ spec:
|
||||
More info: https://doc.traefik.io/traefik/v3.6/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: |-
|
||||
Permanent defines whether the redirection is permanent.
|
||||
For HTTP GET requests a 301 is returned, otherwise a 308 is returned.
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(308).
|
||||
type: boolean
|
||||
port:
|
||||
description: Port defines the port of the new URL.
|
||||
|
||||
@@ -150,7 +150,7 @@ http:
|
||||
The API and the dashboard can be configured:
|
||||
|
||||
- In the Helm Chart: You can find the options to customize the Traefik installation
|
||||
enabling the dashboard [here](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L155).
|
||||
enabing the dashboard [here](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L155).
|
||||
- In the Traefik Static Configuration as described below.
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|
||||
@@ -85,14 +85,6 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-insecure" href="#opt-entrypoints-name-forwardedheaders-insecure" title="#opt-entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-trustedips" href="#opt-entrypoints-name-forwardedheaders-trustedips" title="#opt-entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
|
||||
| <a id="opt-entrypoints-name-http" href="#opt-entrypoints-name-http" title="#opt-entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters" href="#opt-entrypoints-name-http-encodedcharacters" title="#opt-entrypoints-name-http-encodedcharacters">entrypoints._name_.http.encodedcharacters</a> | Defines which encoded characters are allowed in the request path. | |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash">entrypoints._name_.http.encodedcharacters.allowencodedbackslash</a> | Defines whether requests with encoded back slash characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedhash" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedhash" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedhash">entrypoints._name_.http.encodedcharacters.allowencodedhash</a> | Defines whether requests with encoded hash characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodednullcharacter" href="#opt-entrypoints-name-http-encodedcharacters-allowencodednullcharacter" title="#opt-entrypoints-name-http-encodedcharacters-allowencodednullcharacter">entrypoints._name_.http.encodedcharacters.allowencodednullcharacter</a> | Defines whether requests with encoded null characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedpercent" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedpercent" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedpercent">entrypoints._name_.http.encodedcharacters.allowencodedpercent</a> | Defines whether requests with encoded percent characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedquestionmark" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedquestionmark" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedquestionmark">entrypoints._name_.http.encodedcharacters.allowencodedquestionmark</a> | Defines whether requests with encoded question mark characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedsemicolon" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedsemicolon" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedsemicolon">entrypoints._name_.http.encodedcharacters.allowencodedsemicolon</a> | Defines whether requests with encoded semicolon characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedslash" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedslash" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedslash">entrypoints._name_.http.encodedcharacters.allowencodedslash</a> | Defines whether requests with encoded slash characters in the path are allowed. | false |
|
||||
| <a id="opt-entrypoints-name-http-encodequerysemicolons" href="#opt-entrypoints-name-http-encodequerysemicolons" title="#opt-entrypoints-name-http-encodequerysemicolons">entrypoints._name_.http.encodequerysemicolons</a> | Defines whether request query semicolons should be URLEncoded. | false |
|
||||
| <a id="opt-entrypoints-name-http-maxheaderbytes" href="#opt-entrypoints-name-http-maxheaderbytes" title="#opt-entrypoints-name-http-maxheaderbytes">entrypoints._name_.http.maxheaderbytes</a> | Maximum size of request headers in bytes. | 1048576 |
|
||||
| <a id="opt-entrypoints-name-http-middlewares" href="#opt-entrypoints-name-http-middlewares" title="#opt-entrypoints-name-http-middlewares">entrypoints._name_.http.middlewares</a> | Default middlewares for the routers linked to the entry point. | |
|
||||
|
||||
@@ -94,14 +94,6 @@ additionalArguments:
|
||||
| <a id="opt-http-redirections-entryPoint-scheme" href="#opt-http-redirections-entryPoint-scheme" title="#opt-http-redirections-entryPoint-scheme">`http.redirections.`<br />`entryPoint.scheme`</a> | The target scheme to use for (permanent) redirection of all incoming requests. | https | No |
|
||||
| <a id="opt-http-redirections-entryPoint-permanent" href="#opt-http-redirections-entryPoint-permanent" title="#opt-http-redirections-entryPoint-permanent">`http.redirections.`<br />`entryPoint.permanent`</a> | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No |
|
||||
| <a id="opt-http-redirections-entryPoint-priority" href="#opt-http-redirections-entryPoint-priority" title="#opt-http-redirections-entryPoint-priority">`http.redirections.`<br />`entryPoint.priority`</a> | Default priority applied to the routers attached to the `entryPoint`. | MaxInt32-1 (2147483646) | No |
|
||||
| <a id="opt-http-encodedCharacters" href="#opt-http-encodedCharacters" title="#opt-http-encodedCharacters">`http.encodedCharacters`</a> | Defines which encoded characters are allowed in the request path. More information [here](#encoded-characters). | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedSlash" href="#opt-http-encodedCharacters-allowEncodedSlash" title="#opt-http-encodedCharacters-allowEncodedSlash">`http.encodedCharacters.`<br />`allowEncodedSlash`</a> | Defines whether requests with encoded slash characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedBackSlash" href="#opt-http-encodedCharacters-allowEncodedBackSlash" title="#opt-http-encodedCharacters-allowEncodedBackSlash">`http.encodedCharacters.`<br />`allowEncodedBackSlash`</a> | Defines whether requests with encoded back slash characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedNullCharacter" href="#opt-http-encodedCharacters-allowEncodedNullCharacter" title="#opt-http-encodedCharacters-allowEncodedNullCharacter">`http.encodedCharacters.`<br />`allowEncodedNullCharacter`</a> | Defines whether requests with encoded null characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedSemicolon" href="#opt-http-encodedCharacters-allowEncodedSemicolon" title="#opt-http-encodedCharacters-allowEncodedSemicolon">`http.encodedCharacters.`<br />`allowEncodedSemicolon`</a> | Defines whether requests with encoded semicolon characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedPercent" href="#opt-http-encodedCharacters-allowEncodedPercent" title="#opt-http-encodedCharacters-allowEncodedPercent">`http.encodedCharacters.`<br />`allowEncodedPercent`</a> | Defines whether requests with encoded percent characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedQuestionMark" href="#opt-http-encodedCharacters-allowEncodedQuestionMark" title="#opt-http-encodedCharacters-allowEncodedQuestionMark">`http.encodedCharacters.`<br />`allowEncodedQuestionMark`</a> | Defines whether requests with encoded question mark characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodedCharacters-allowEncodedHash" href="#opt-http-encodedCharacters-allowEncodedHash" title="#opt-http-encodedCharacters-allowEncodedHash">`http.encodedCharacters.`<br />`allowEncodedHash`</a> | Defines whether requests with encoded hash characters in the path are allowed. | false | No |
|
||||
| <a id="opt-http-encodeQuerySemicolons" href="#opt-http-encodeQuerySemicolons" title="#opt-http-encodeQuerySemicolons">`http.encodeQuerySemicolons`</a> | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons). | false | No |
|
||||
| <a id="opt-http-sanitizePath" href="#opt-http-sanitizePath" title="#opt-http-sanitizePath">`http.sanitizePath`</a> | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath). | false | No |
|
||||
| <a id="opt-http-middlewares" href="#opt-http-middlewares" title="#opt-http-middlewares">`http.middlewares`</a> | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares). | - | No |
|
||||
@@ -216,27 +208,6 @@ it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
|
||||
| <a id="opt-false-6" href="#opt-false-6" title="#opt-false-6">false</a> | /./foo/../bar// | /./foo/../bar// |
|
||||
| <a id="opt-true-6" href="#opt-true-6" title="#opt-true-6">true</a> | /./foo/../bar// | /bar/ |
|
||||
|
||||
### Encoded Characters
|
||||
|
||||
You can configure Traefik to control the handling of encoded characters in request paths for security purposes.
|
||||
By default, Traefik rejects requests containing certain encoded characters that could be used in path traversal or other security attacks.
|
||||
|
||||
!!! warning "Security Considerations"
|
||||
|
||||
Allowing certain encoded characters may expose your application to security vulnerabilities.
|
||||
|
||||
Here is the list of the encoded characters that are rejected by default:
|
||||
|
||||
| Encoded Character | Character |
|
||||
|-------------------|-------------------------|
|
||||
| <a id="opt-2f-or-2F" href="#opt-2f-or-2F" title="#opt-2f-or-2F">`%2f` or `%2F`</a> | `/` (slash) |
|
||||
| <a id="opt-5c-or-5C" href="#opt-5c-or-5C" title="#opt-5c-or-5C">`%5c` or `%5C`</a> | `\` (backslash) |
|
||||
| <a id="opt-00" href="#opt-00" title="#opt-00">`%00`</a> | `NULL` (null character) |
|
||||
| <a id="opt-3b-or-3B" href="#opt-3b-or-3B" title="#opt-3b-or-3B">`%3b` or `%3B`</a> | `;` (semicolon) |
|
||||
| <a id="opt-25" href="#opt-25" title="#opt-25">`%25`</a> | `%` (percent) |
|
||||
| <a id="opt-3f-or-3F" href="#opt-3f-or-3F" title="#opt-3f-or-3F">`%3f` or `%3F`</a> | `?` (question mark) |
|
||||
| <a id="opt-23" href="#opt-23" title="#opt-23">`%23`</a> | `#` (hash) |
|
||||
|
||||
### HTTP3
|
||||
|
||||
As HTTP/3 actually uses UDP, when Traefik is configured with a TCP `entryPoint`
|
||||
|
||||
@@ -13,8 +13,6 @@ It also supports many of the [ingress-nginx](https://kubernetes.github.io/ingres
|
||||
The Kubernetes NGINX Ingress Controller project has announced its retirement in **March 2026** and will no longer receive updates or security patches.
|
||||
Traefik provides a migration path by supporting NGINX annotations, allowing you to transition your workloads without rewriting all your Ingress configurations.
|
||||
|
||||
**→ See the [NGINX to Traefik Migration Guide](../../../../migrate/nginx-to-traefik.md) for step-by-step instructions.**
|
||||
|
||||
For more information about the NGINX Ingress Controller retirement, see the [official Kubernetes blog announcement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement).
|
||||
|
||||
## Ingress Discovery
|
||||
@@ -34,6 +32,11 @@ You can enable the Kubernetes Ingress NGINX provider as detailed below:
|
||||
```yaml tab="File (YAML)"
|
||||
providers:
|
||||
kubernetesIngressNGINX:
|
||||
endpoint: "https://kubernetes.default.svc"
|
||||
token: "mytoken"
|
||||
certAuthFilePath: "/path/to/ca.crt"
|
||||
throttleDuration: "2s"
|
||||
|
||||
# Namespace discovery
|
||||
watchNamespace: "default"
|
||||
# OR use namespace selector (mutually exclusive with watchNamespace)
|
||||
@@ -44,10 +47,25 @@ providers:
|
||||
controllerClass: "k8s.io/ingress-nginx"
|
||||
watchIngressWithoutClass: false
|
||||
ingressClassByName: false
|
||||
|
||||
# Status updates
|
||||
publishService: "kube-system/traefik"
|
||||
publishStatusAddress: "203.0.113.42"
|
||||
|
||||
# Default backend
|
||||
defaultBackendService: "default/default-backend"
|
||||
|
||||
# Security
|
||||
disableSvcExternalName: false
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[providers.kubernetesIngressNGINX]
|
||||
endpoint = "https://kubernetes.default.svc"
|
||||
token = "mytoken"
|
||||
certAuthFilePath = "/path/to/ca.crt"
|
||||
throttleDuration = "2s"
|
||||
|
||||
# Namespace discovery
|
||||
watchNamespace = "default"
|
||||
# OR use namespace selector (mutually exclusive with watchNamespace)
|
||||
@@ -58,15 +76,33 @@ providers:
|
||||
controllerClass = "k8s.io/ingress-nginx"
|
||||
watchIngressWithoutClass = false
|
||||
ingressClassByName = false
|
||||
|
||||
# Status updates
|
||||
publishService = "kube-system/traefik"
|
||||
publishStatusAddress = "203.0.113.42"
|
||||
|
||||
# Default backend
|
||||
defaultBackendService = "default/default-backend"
|
||||
|
||||
# Security
|
||||
disableSvcExternalName = false
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--providers.kubernetesingressnginx=true
|
||||
--providers.kubernetesingressnginx.endpoint=https://kubernetes.default.svc
|
||||
--providers.kubernetesingressnginx.token=mytoken
|
||||
--providers.kubernetesingressnginx.certauthfilepath=/path/to/ca.crt
|
||||
--providers.kubernetesingressnginx.throttleduration=2s
|
||||
--providers.kubernetesingressnginx.watchnamespace=default
|
||||
--providers.kubernetesingressnginx.ingressclass=nginx
|
||||
--providers.kubernetesingressnginx.controllerclass=k8s.io/ingress-nginx
|
||||
--providers.kubernetesingressnginx.watchingresswithoutclass=false
|
||||
--providers.kubernetesingressnginx.ingressclassbyname=false
|
||||
--providers.kubernetesingressnginx.publishservice=kube-system/traefik
|
||||
--providers.kubernetesingressnginx.publishstatusaddress=203.0.113.42
|
||||
--providers.kubernetesingressnginx.defaultbackendservice=default/default-backend
|
||||
--providers.kubernetesingressnginx.disablesvcexternalname=false
|
||||
```
|
||||
|
||||
```yaml tab="Helm Chart Values"
|
||||
@@ -75,6 +111,18 @@ providers:
|
||||
# -- Enable Kubernetes Ingress NGINX provider
|
||||
enabled: true
|
||||
|
||||
# -- Kubernetes server endpoint (required for external cluster client)
|
||||
endpoint: "https://kubernetes.default.svc"
|
||||
|
||||
# -- Kubernetes bearer token (not needed for in-cluster client)
|
||||
token: "mytoken"
|
||||
|
||||
# -- Kubernetes certificate authority file path (not needed for in-cluster client)
|
||||
certAuthFilePath: "/path/to/ca.crt"
|
||||
|
||||
# -- Ingress refresh throttle duration
|
||||
throttleDuration: "2s"
|
||||
|
||||
# Namespace discovery
|
||||
# -- Namespace the controller watches for updates to Kubernetes objects
|
||||
# When using rbac.namespaced, it will watch helm release namespace and namespaces listed in this array
|
||||
@@ -92,6 +140,22 @@ providers:
|
||||
watchIngressWithoutClass: false
|
||||
# -- Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class
|
||||
ingressClassByName: false
|
||||
|
||||
# Status updates
|
||||
# -- Service fronting the Ingress controller
|
||||
publishService:
|
||||
enabled: true
|
||||
pathOverride: "kube-system/traefik"
|
||||
# -- Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects
|
||||
publishStatusAddress: "203.0.113.42"
|
||||
|
||||
# Default backend
|
||||
# -- Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'
|
||||
defaultBackendService: "default/default-backend"
|
||||
|
||||
# Security
|
||||
# -- Disable support for Services of type ExternalName
|
||||
disableSvcExternalName: false
|
||||
```
|
||||
|
||||
This provider watches for incoming Ingress events and automatically translates NGINX annotations into Traefik's dynamic configuration, creating the corresponding routers, services, middlewares, and other components needed to route traffic to your cluster services.
|
||||
|
||||
@@ -157,39 +157,39 @@ On subsequent requests, to keep the session alive with the same server, the clie
|
||||
|
||||
##### Stickiness on multiple levels
|
||||
|
||||
When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.
|
||||
When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.
|
||||
|
||||
##### Stickiness & Unhealthy Servers
|
||||
|
||||
If the server specified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
|
||||
If the server specified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
|
||||
|
||||
##### Cookie Name
|
||||
|
||||
The default cookie name is an abbreviation of a sha1 (ex: `_1d52e`).
|
||||
The default cookie name is an abbreviation of a sha1 (ex: `_1d52e`).
|
||||
|
||||
##### MaxAge
|
||||
|
||||
By default, the affinity cookie will never expire as the `MaxAge` option is set to zero.
|
||||
|
||||
This option indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
By default, the affinity cookie will never expire as the `MaxAge` option is set to zero.
|
||||
|
||||
This option indicates the number of seconds until the cookie expires.
|
||||
When set to a negative number, the cookie expires immediately.
|
||||
|
||||
##### Secure & HTTPOnly & SameSite flags
|
||||
|
||||
By default, the affinity cookie is created without those flags.
|
||||
One however can change that through configuration.
|
||||
By default, the affinity cookie is created without those flags.
|
||||
One however can change that through configuration.
|
||||
|
||||
`SameSite` can be `none`, `lax`, `strict` or empty.
|
||||
`SameSite` can be `none`, `lax`, `strict` or empty.
|
||||
|
||||
##### Domain
|
||||
|
||||
The Domain attribute of a cookie specifies the domain for which the cookie is valid.
|
||||
|
||||
By setting the Domain attribute, the cookie can be shared across subdomains (for example, a cookie set for example.com would be accessible to www.example.com, api.example.com, etc.). This is particularly useful in cases where sticky sessions span multiple subdomains, ensuring that the session is maintained even when the client interacts with different parts of the infrastructure.
|
||||
The Domain attribute of a cookie specifies the domain for which the cookie is valid.
|
||||
|
||||
By setting the Domain attribute, the cookie can be shared across subdomains (for example, a cookie set for example.com would be accessible to www.example.com, api.example.com, etc.). This is particularly useful in cases where sticky sessions span multiple subdomains, ensuring that the session is maintained even when the client interacts with different parts of the infrastructure.
|
||||
|
||||
??? example "Adding Stickiness -- Using the [File Provider](../../../install-configuration/providers/others/file.md)"
|
||||
|
||||
```yaml tab="Structured (YAML)"
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
@@ -199,7 +199,7 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
cookie: {}
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML)"
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.my-service]
|
||||
@@ -208,7 +208,7 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
|
||||
??? example "Adding Stickiness with custom Options -- Using the [File Provider](../../../install-configuration/providers/others/file.md)"
|
||||
|
||||
```yaml tab="Structured (YAML)"
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
@@ -222,7 +222,7 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
httpOnly: true
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML)"
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.my-service]
|
||||
@@ -236,7 +236,7 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
|
||||
??? example "Setting Stickiness on all the required levels -- Using the [File Provider](../../../install-configuration/providers/others/file.md)"
|
||||
|
||||
```yaml tab="Structured (YAML)"
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
@@ -270,7 +270,7 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
- url: http://127.0.0.1:8084
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML)"
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.wrr1]
|
||||
@@ -302,11 +302,11 @@ By setting the Domain attribute, the cookie can be shared across subdomains (for
|
||||
url = "http://127.0.0.1:8084"
|
||||
```
|
||||
|
||||
To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
|
||||
To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
|
||||
|
||||
```bash
|
||||
curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000
|
||||
```
|
||||
```
|
||||
curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000
|
||||
```
|
||||
|
||||
#### Passive Health Check
|
||||
|
||||
@@ -453,14 +453,13 @@ http:
|
||||
[[http.services.appv2.loadBalancer.servers]]
|
||||
url = "http://private-ip-server-2/"
|
||||
```
|
||||
|
||||
## P2C
|
||||
|
||||
Power of two choices algorithm is a load balancing strategy that selects two servers at random and chooses the one with the least number of active requests.
|
||||
|
||||
??? example "P2C Load Balancing -- Using the [File Provider](../../../install-configuration/providers/others/file.md)"
|
||||
|
||||
```yaml tab="Structured (YAML)"
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
@@ -473,7 +472,7 @@ Power of two choices algorithm is a load balancing strategy that selects two ser
|
||||
- url: "http://private-ip-server-3/"
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML) "
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.my-service.loadBalancer]
|
||||
@@ -502,7 +501,7 @@ Weighted Round Robin (WRR) with Earliest Deadline First (EDF) scheduling is used
|
||||
|
||||
??? example "Basic Least-Time Load Balancing -- Using the [File Provider](../../../install-configuration/providers/others/file.md)"
|
||||
|
||||
```yaml tab="Structured (YAML)"
|
||||
```yaml tab="YAML"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
services:
|
||||
@@ -515,7 +514,7 @@ Weighted Round Robin (WRR) with Earliest Deadline First (EDF) scheduling is used
|
||||
- url: "http://private-ip-server-3/"
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML)"
|
||||
```toml tab="TOML"
|
||||
## Dynamic configuration
|
||||
[http.services]
|
||||
[http.services.my-service.loadBalancer]
|
||||
|
||||
@@ -13,8 +13,6 @@ Enable seamless migration from NGINX Ingress Controller to Traefik with NGINX an
|
||||
The Kubernetes NGINX Ingress Controller project has announced its retirement in **March 2026** and will no longer receive updates or security patches.
|
||||
Traefik provides a migration path by supporting NGINX annotations, allowing you to transition your workloads without rewriting all your Ingress configurations.
|
||||
|
||||
**→ See the [NGINX to Traefik Migration Guide](../../../migrate/nginx-to-traefik.md) for step-by-step instructions.**
|
||||
|
||||
For more information about the NGINX Ingress Controller retirement, see the [official Kubernetes blog announcement](https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement).
|
||||
|
||||
## Ingress Discovery
|
||||
|
||||
@@ -237,30 +237,6 @@ Trust only forwarded headers from selected IPs.
|
||||
`--entrypoints.<name>.http`:
|
||||
HTTP configuration.
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters`:
|
||||
Defines which encoded characters are allowed in the request path.
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedbackslash`:
|
||||
Defines whether requests with encoded back slash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedhash`:
|
||||
Defines whether requests with encoded hash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodednullcharacter`:
|
||||
Defines whether requests with encoded null characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedpercent`:
|
||||
Defines whether requests with encoded percent characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedquestionmark`:
|
||||
Defines whether requests with encoded question mark characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedsemicolon`:
|
||||
Defines whether requests with encoded semicolon characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodedcharacters.allowencodedslash`:
|
||||
Defines whether requests with encoded slash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`--entrypoints.<name>.http.encodequerysemicolons`:
|
||||
Defines whether request query semicolons should be URLEncoded. (Default: ```false```)
|
||||
|
||||
|
||||
@@ -246,30 +246,6 @@ HTTP/3 configuration. (Default: ```false```)
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP3_ADVERTISEDPORT`:
|
||||
UDP port to advertise, on which HTTP/3 is available. (Default: ```0```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS`:
|
||||
Defines which encoded characters are allowed in the request path.
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDBACKSLASH`:
|
||||
Defines whether requests with encoded back slash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDHASH`:
|
||||
Defines whether requests with encoded hash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDNULLCHARACTER`:
|
||||
Defines whether requests with encoded null characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDPERCENT`:
|
||||
Defines whether requests with encoded percent characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDQUESTIONMARK`:
|
||||
Defines whether requests with encoded question mark characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSEMICOLON`:
|
||||
Defines whether requests with encoded semicolon characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEDCHARACTERS_ALLOWENCODEDSLASH`:
|
||||
Defines whether requests with encoded slash characters in the path are allowed. (Default: ```false```)
|
||||
|
||||
`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_ENCODEQUERYSEMICOLONS`:
|
||||
Defines whether request query semicolons should be URLEncoded. (Default: ```false```)
|
||||
|
||||
|
||||
@@ -72,14 +72,6 @@
|
||||
[[entryPoints.EntryPoint0.http.tls.domains]]
|
||||
main = "foobar"
|
||||
sans = ["foobar", "foobar"]
|
||||
[entryPoints.EntryPoint0.http.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
allowEncodedBackSlash = true
|
||||
allowEncodedNullCharacter = true
|
||||
allowEncodedSemicolon = true
|
||||
allowEncodedPercent = true
|
||||
allowEncodedQuestionMark = true
|
||||
allowEncodedHash = true
|
||||
[entryPoints.EntryPoint0.http2]
|
||||
maxConcurrentStreams = 42
|
||||
[entryPoints.EntryPoint0.http3]
|
||||
|
||||
@@ -83,14 +83,6 @@ entryPoints:
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
allowEncodedBackSlash: true
|
||||
allowEncodedNullCharacter: true
|
||||
allowEncodedSemicolon: true
|
||||
allowEncodedPercent: true
|
||||
allowEncodedQuestionMark: true
|
||||
allowEncodedHash: true
|
||||
encodeQuerySemicolons: true
|
||||
sanitizePath: true
|
||||
maxHeaderBytes: 42
|
||||
|
||||
@@ -129,14 +129,6 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
|
||||
trustedIPs:
|
||||
- "127.0.0.1"
|
||||
- "192.168.0.1"
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
allowEncodedBackSlash: true
|
||||
allowEncodedNullCharacter: true
|
||||
allowEncodedSemicolon: true
|
||||
allowEncodedPercent: true
|
||||
allowEncodedQuestionMark: true
|
||||
allowEncodedHash: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@@ -164,14 +156,6 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
|
||||
[entryPoints.name.forwardedHeaders]
|
||||
insecure = true
|
||||
trustedIPs = ["127.0.0.1", "192.168.0.1"]
|
||||
[entryPoints.name.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
allowEncodedBackSlash = true
|
||||
allowEncodedNullCharacter = true
|
||||
allowEncodedSemicolon = true
|
||||
allowEncodedPercent = true
|
||||
allowEncodedQuestionMark = true
|
||||
allowEncodedHash = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
@@ -190,13 +174,6 @@ They can be defined by using a file (YAML or TOML) or CLI arguments.
|
||||
--entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1
|
||||
--entryPoints.name.forwardedHeaders.insecure=true
|
||||
--entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1
|
||||
--entryPoints.name.encodedCharacters.allowEncodedSlash=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedBackSlash=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedNullCharacter=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedSemicolon=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedPercent=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedQuestionMark=true
|
||||
--entryPoints.name.encodedCharacters.allowEncodedHash=true
|
||||
```
|
||||
|
||||
### Address
|
||||
@@ -637,232 +614,6 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
|
||||
--entryPoints.web.forwardedHeaders.connection=foobar
|
||||
```
|
||||
|
||||
### Encoded Characters
|
||||
|
||||
You can configure Traefik to control the handling of encoded characters in request paths for security purposes.
|
||||
By default, Traefik rejects requests containing certain encoded characters that could be used in path traversal or other security attacks.
|
||||
|
||||
!!! warning "Security Considerations"
|
||||
|
||||
Allowing certain encoded characters may expose your application to security vulnerabilities.
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedSlash`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded slash characters (`%2F` or `%2f`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedSlash=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedBackSlash`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded back slash characters (`%5C` or `%5c`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedBackSlash: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedBackSlash = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedBackSlash=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedNullCharacter`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded null characters (`%00`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedNullCharacter: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedNullCharacter = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedNullCharacter=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedSemicolon`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded semicolon characters (`%3B` or `%3b`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedSemicolon: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedSemicolon = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedSemicolon=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedPercent`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded percent characters (`%25`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedPercent: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedPercent = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedPercent=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedQuestionMark`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded question mark characters (`%3F` or `%3f`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedQuestionMark: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedQuestionMark = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedQuestionMark=true
|
||||
```
|
||||
|
||||
??? info "`encodedCharacters.allowEncodedHash`"
|
||||
|
||||
_Optional, Default=false_
|
||||
|
||||
Controls whether requests with encoded hash characters (`%23`) in the path are allowed.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Static configuration
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
encodedCharacters:
|
||||
allowEncodedHash: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Static configuration
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
|
||||
[entryPoints.web.encodedCharacters]
|
||||
allowEncodedHash = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
## Static configuration
|
||||
--entryPoints.web.address=:80
|
||||
--entryPoints.web.encodedCharacters.allowEncodedHash=true
|
||||
```
|
||||
|
||||
### Transport
|
||||
|
||||
#### `respondingTimeouts`
|
||||
|
||||
@@ -3,8 +3,7 @@ title: "Content-Length"
|
||||
description: "Enforce strict Content‑Length validation in Traefik by streaming or full buffering to prevent truncated or over‑long requests and responses. Read the technical documentation."
|
||||
---
|
||||
|
||||
Traefik acts as a streaming proxy. By default, it checks each chunk of data against the `Content-Length` header as it passes it on to the backend or client.
|
||||
This live check blocks truncated or over‑long streams without holding the entire message.
|
||||
Traefik acts as a streaming proxy. By default, it checks each chunk of data against the `Content-Length` header as it passes it on to the backend or client. This live check blocks truncated or over‑long streams without holding the entire message.
|
||||
|
||||
If you need Traefik to read and verify the full body before any data moves on, add the [buffering middleware](../middlewares/http/buffering.md):
|
||||
|
||||
@@ -21,7 +20,5 @@ With buffering enabled, Traefik will:
|
||||
- Compare the actual byte count to the `Content-Length` header.
|
||||
- Reject the message if the counts do not match.
|
||||
|
||||
!!! warning
|
||||
|
||||
Buffering adds overhead. Every request and response is held in full before forwarding, which can increase memory use and latency.
|
||||
Use it when strict content validation is critical to your security posture.
|
||||
!!!warning
|
||||
Buffering adds overhead. Every request and response is held in full before forwarding, which can increase memory use and latency. Use it when strict content validation is critical to your security posture.
|
||||
|
||||
@@ -1,129 +0,0 @@
|
||||
---
|
||||
title: "Request Path"
|
||||
description: "Learn how Traefik processes and secures request paths through sanitization and encoded character filtering to protect against path traversal and injection attacks."
|
||||
---
|
||||
|
||||
# Request Path
|
||||
|
||||
Protecting Against Path-Based Attacks Through Sanitization and Filtering
|
||||
{: .subtitle }
|
||||
|
||||
Traefik implements multiple layers of security when processing incoming request paths.
|
||||
This includes path sanitization to normalize potentially dangerous sequences and encoded character filtering to prevent attack vectors that use URL encoding.
|
||||
Understanding how Traefik handles request paths is crucial for maintaining a secure routing infrastructure.
|
||||
|
||||
## How Traefik Processes Request Paths
|
||||
|
||||
When Traefik receives an HTTP request, it processes the request path through several security-focused stages:
|
||||
|
||||
### 1. Encoded Character Filtering
|
||||
|
||||
Traefik inspects the path for potentially dangerous encoded characters and rejects requests containing them unless explicitly allowed.
|
||||
|
||||
Here is the list of the encoded characters that are rejected by default:
|
||||
|
||||
| Encoded Character | Character |
|
||||
|-------------------|-------------------------|
|
||||
| `%2f` or `%2F` | `/` (slash) |
|
||||
| `%5c` or `%5C` | `\` (backslash) |
|
||||
| `%00` | `NULL` (null character) |
|
||||
| `%3b` or `%3B` | `;` (semicolon) |
|
||||
| `%25` | `%` (percent) |
|
||||
| `%3f` or `%3F` | `?` (question mark) |
|
||||
| `%23` | `#` (hash) |
|
||||
|
||||
### 2. Path Normalization
|
||||
|
||||
Traefik normalizes the request path by decoding the unreserved percent-encoded characters,
|
||||
as they are equivalent to their non-encoded form (according to [rfc3986#section-2.3](https://datatracker.ietf.org/doc/html/rfc3986#section-2.3)),
|
||||
and capitalizing the percent-encoded characters (according to [rfc3986#section-6.2.2.1](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1)).
|
||||
|
||||
### 3. Path Sanitization
|
||||
|
||||
Traefik sanitizes request paths to prevent common attack vectors,
|
||||
by removing the `..`, `.` and duplicate slash segments from the URL (according to [rfc3986#section-6.2.2.3](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.3)).
|
||||
|
||||
## Path Security Configuration
|
||||
|
||||
Traefik provides two main mechanisms for path security that work together to protect your applications.
|
||||
|
||||
### Path Sanitization
|
||||
|
||||
Path sanitization is enabled by default and helps prevent directory traversal attacks by normalizing request paths.
|
||||
Configure it in the [EntryPoints](../routing/entrypoints.md#sanitizepath) HTTP section:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
entryPoints:
|
||||
websecure:
|
||||
address: ":443"
|
||||
http:
|
||||
sanitizePath: true # Default: true (recommended)
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[entryPoints.websecure.http]
|
||||
sanitizePath = true
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--entryPoints.websecure.address=:443
|
||||
--entryPoints.websecure.http.sanitizePath=true
|
||||
```
|
||||
|
||||
**Sanitization behavior:**
|
||||
|
||||
- `./foo/bar` → `/foo/bar` (removes relative current directory)
|
||||
- `/foo/../bar` → `/bar` (resolves parent directory traversal)
|
||||
- `/foo/bar//` → `/foo/bar/` (removes duplicate slashes)
|
||||
- `/./foo/../bar//` → `/bar/` (combines all normalizations)
|
||||
|
||||
### Encoded Character Filtering
|
||||
|
||||
Encoded character filtering provides an additional security layer by rejecting potentially dangerous URL-encoded characters.
|
||||
Configure it in the [EntryPoints](../routing/entrypoints.md#encoded-characters) HTTP section.
|
||||
|
||||
This filtering occurs before path sanitization and catches attack attempts that use encoding to bypass other security controls.
|
||||
|
||||
All encoded character filtering is enabled by default (`false` means encoded characters are rejected), providing maximum security:
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
entryPoints:
|
||||
websecure:
|
||||
address: ":443"
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: false # %2F - Default: false (RECOMMENDED)
|
||||
allowEncodedBackSlash: false # %5C - Default: false (RECOMMENDED)
|
||||
allowEncodedNullCharacter: false # %00 - Default: false (RECOMMENDED)
|
||||
allowEncodedSemicolon: false # %3B - Default: false (RECOMMENDED)
|
||||
allowEncodedPercent: false # %25 - Default: false (RECOMMENDED)
|
||||
allowEncodedQuestionMark: false # %3F - Default: false (RECOMMENDED)
|
||||
allowEncodedHash: false # %23 - Default: false (RECOMMENDED)
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
|
||||
[entryPoints.websecure.encodedCharacters]
|
||||
allowEncodedSlash = false
|
||||
allowEncodedBackSlash = false
|
||||
allowEncodedNullCharacter = false
|
||||
allowEncodedSemicolon = false
|
||||
allowEncodedPercent = false
|
||||
allowEncodedQuestionMark = false
|
||||
allowEncodedHash = false
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
--entryPoints.websecure.address=:443
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedSlash=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedBackSlash=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedNullCharacter=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedSemicolon=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedPercent=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedQuestionMark=false
|
||||
--entryPoints.websecure.encodedCharacters.allowEncodedHash=false
|
||||
```
|
||||
@@ -212,7 +212,6 @@ nav:
|
||||
- 'Extend': 'extend/extend-traefik.md'
|
||||
- '<span class="nav-link-with-icon">Govern <img src="https://doc.traefik.io/traefik-hub/img/ps-traefik-hub-logo-light.svg" class="menu-icon" alt="Traefik Hub API Gateway"></span>': 'govern/index.md'
|
||||
- 'Migrate':
|
||||
- 'NGINX Ingress to Traefik': 'migrate/nginx-to-traefik.md'
|
||||
- 'Traefik v3 minor migrations': 'migrate/v3.md'
|
||||
- 'Traefik v2 to v3':
|
||||
- 'Migration guide': 'migrate/v2-to-v3.md'
|
||||
@@ -358,9 +357,8 @@ nav:
|
||||
- 'KV' : 'reference/routing-configuration/other-providers/kv.md'
|
||||
- 'File' : 'reference/routing-configuration/other-providers/file.md'
|
||||
- 'Security':
|
||||
- 'Request Path': 'security/request-path.md'
|
||||
- 'Content-Length': 'security/content-length.md'
|
||||
- 'TLS in Multi-Tenant Kubernetes': 'security/tls-certs-in-multi-tenant-kubernetes.md'
|
||||
- 'Content-Length': 'security/content-length.md'
|
||||
- 'TLS in Multi-Tenant Kubernetes': 'security/tls-certs-in-multi-tenant-kubernetes.md'
|
||||
- 'Deprecation Notices':
|
||||
- 'Releases': 'deprecation/releases.md'
|
||||
- 'Features': 'deprecation/features.md'
|
||||
|
||||
84
go.mod
84
go.mod
@@ -8,13 +8,13 @@ require (
|
||||
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 // No tag on the repo.
|
||||
github.com/andybalholm/brotli v1.1.1
|
||||
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
|
||||
github.com/aws/aws-sdk-go-v2 v1.40.0
|
||||
github.com/aws/aws-sdk-go-v2/config v1.32.2
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.19.2
|
||||
github.com/aws/aws-sdk-go-v2 v1.39.4
|
||||
github.com/aws/aws-sdk-go-v2/config v1.31.15
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.18.19
|
||||
github.com/aws/aws-sdk-go-v2/service/ec2 v1.203.1
|
||||
github.com/aws/aws-sdk-go-v2/service/ecs v1.53.15
|
||||
github.com/aws/aws-sdk-go-v2/service/ssm v1.56.13
|
||||
github.com/aws/smithy-go v1.23.2
|
||||
github.com/aws/smithy-go v1.23.1
|
||||
github.com/cenkalti/backoff/v4 v4.3.0
|
||||
github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd // No tag on the repo.
|
||||
github.com/coreos/go-systemd/v22 v22.5.0
|
||||
@@ -23,7 +23,7 @@ require (
|
||||
github.com/docker/go-connections v0.5.0
|
||||
github.com/fatih/structs v1.1.0
|
||||
github.com/fsnotify/fsnotify v1.9.0
|
||||
github.com/go-acme/lego/v4 v4.29.0
|
||||
github.com/go-acme/lego/v4 v4.28.0
|
||||
github.com/go-kit/kit v0.13.0
|
||||
github.com/go-kit/log v0.2.1
|
||||
github.com/golang/protobuf v1.5.4
|
||||
@@ -55,7 +55,7 @@ require (
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // No tag on the repo.
|
||||
github.com/prometheus/client_golang v1.23.0
|
||||
github.com/prometheus/client_model v0.6.2
|
||||
github.com/quic-go/quic-go v0.57.1
|
||||
github.com/quic-go/quic-go v0.57.0
|
||||
github.com/redis/go-redis/v9 v9.8.0
|
||||
github.com/rs/zerolog v1.33.0
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
@@ -126,8 +126,8 @@ require (
|
||||
dario.cat/mergo v1.0.1 // indirect
|
||||
github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
|
||||
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 // indirect
|
||||
@@ -142,7 +142,7 @@ require (
|
||||
github.com/Azure/go-autorest/autorest/to v0.4.1 // indirect
|
||||
github.com/Azure/go-autorest/logger v0.2.1 // indirect
|
||||
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 // indirect
|
||||
github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
|
||||
github.com/Masterminds/goutils v1.1.1 // indirect
|
||||
github.com/Masterminds/semver/v3 v3.3.1 // indirect
|
||||
@@ -157,20 +157,19 @@ require (
|
||||
github.com/alibabacloud-go/tea-utils/v2 v2.0.7 // indirect
|
||||
github.com/aliyun/credentials-go v1.4.7 // indirect
|
||||
github.com/armon/go-metrics v0.4.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.11 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.8 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.61.0 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 // indirect
|
||||
github.com/aziontech/azionapi-go-sdk v0.144.0 // indirect
|
||||
github.com/baidubce/bce-sdk-go v0.9.252 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.11 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.2 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.59.1 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.29.8 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.3 // indirect
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.38.9 // indirect
|
||||
github.com/aziontech/azionapi-go-sdk v0.143.0 // indirect
|
||||
github.com/baidubce/bce-sdk-go v0.9.250 // indirect
|
||||
github.com/benbjohnson/clock v1.3.5 // indirect
|
||||
github.com/beorn7/perks v1.0.1 // indirect
|
||||
github.com/blendle/zapdriver v1.3.1 // indirect
|
||||
@@ -196,16 +195,15 @@ require (
|
||||
github.com/docker/go-units v0.5.0 // indirect
|
||||
github.com/emicklei/go-restful/v3 v3.13.0 // indirect
|
||||
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
|
||||
github.com/exoscale/egoscale/v3 v3.1.31 // indirect
|
||||
github.com/exoscale/egoscale/v3 v3.1.27 // indirect
|
||||
github.com/fatih/color v1.18.0 // indirect
|
||||
github.com/felixge/httpsnoop v1.0.4 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
|
||||
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
|
||||
github.com/ghodss/yaml v1.0.0 // indirect
|
||||
github.com/gin-gonic/gin v1.9.1 // indirect
|
||||
github.com/go-acme/alidns-20150109/v4 v4.7.0 // indirect
|
||||
github.com/go-acme/esa-20240910/v2 v2.40.1 // indirect
|
||||
github.com/go-acme/tencentclouddnspod v1.1.25 // indirect
|
||||
github.com/go-acme/alidns-20150109/v4 v4.6.1 // indirect
|
||||
github.com/go-acme/tencentclouddnspod v1.1.10 // indirect
|
||||
github.com/go-acme/tencentedgdeone v1.1.48 // indirect
|
||||
github.com/go-errors/errors v1.0.1 // indirect
|
||||
github.com/go-jose/go-jose/v4 v4.1.3 // indirect
|
||||
@@ -235,7 +233,7 @@ require (
|
||||
github.com/google/go-querystring v1.1.0 // indirect
|
||||
github.com/google/s2a-go v0.1.9 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
|
||||
github.com/googleapis/gax-go/v2 v2.15.0 // indirect
|
||||
github.com/gophercloud/gophercloud v1.14.1 // indirect
|
||||
github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 // indirect
|
||||
@@ -251,7 +249,7 @@ require (
|
||||
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
|
||||
github.com/hashicorp/serf v0.10.1 // indirect
|
||||
github.com/huandu/xstrings v1.5.0 // indirect
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.178 // indirect
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.173 // indirect
|
||||
github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df // indirect
|
||||
github.com/imdario/mergo v0.3.16 // indirect
|
||||
github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
|
||||
@@ -266,7 +264,7 @@ require (
|
||||
github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect
|
||||
github.com/labbsr0x/goh v1.0.1 // indirect
|
||||
github.com/leodido/go-urn v1.4.0 // indirect
|
||||
github.com/linode/linodego v1.61.0 // indirect
|
||||
github.com/linode/linodego v1.60.0 // indirect
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
|
||||
github.com/liquidweb/liquidweb-go v1.6.4 // indirect
|
||||
github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
|
||||
@@ -302,12 +300,12 @@ require (
|
||||
github.com/nrdcg/dnspod-go v0.4.0 // indirect
|
||||
github.com/nrdcg/freemyip v0.3.0 // indirect
|
||||
github.com/nrdcg/goacmedns v0.2.0 // indirect
|
||||
github.com/nrdcg/goinwx v0.12.0 // indirect
|
||||
github.com/nrdcg/goinwx v0.11.0 // indirect
|
||||
github.com/nrdcg/mailinabox v0.3.0 // indirect
|
||||
github.com/nrdcg/namesilo v0.5.0 // indirect
|
||||
github.com/nrdcg/nodion v0.1.0 // indirect
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.0 // indirect
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.0 // indirect
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.103.0 // indirect
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.103.0 // indirect
|
||||
github.com/nrdcg/porkbun v0.4.0 // indirect
|
||||
github.com/nrdcg/vegadns v0.3.0 // indirect
|
||||
github.com/nzdjb/go-metaname v1.0.0 // indirect
|
||||
@@ -330,7 +328,7 @@ require (
|
||||
github.com/rs/dnscache v0.0.0-20230804202142-fc85eb664529 // indirect
|
||||
github.com/sacloud/api-client-go v0.3.3 // indirect
|
||||
github.com/sacloud/go-http v0.1.9 // indirect
|
||||
github.com/sacloud/iaas-api-go v1.22.0 // indirect
|
||||
github.com/sacloud/iaas-api-go v1.20.0 // indirect
|
||||
github.com/sacloud/packages-go v0.0.11 // indirect
|
||||
github.com/sagikazarmark/locafero v0.4.0 // indirect
|
||||
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
|
||||
@@ -351,7 +349,7 @@ require (
|
||||
github.com/spf13/viper v1.18.2 // indirect
|
||||
github.com/stretchr/objx v0.5.2 // indirect
|
||||
github.com/subosito/gotenv v1.6.0 // indirect
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.3.3 // indirect
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48 // indirect
|
||||
github.com/tidwall/match v1.1.1 // indirect
|
||||
github.com/tidwall/pretty v1.2.1 // indirect
|
||||
github.com/tjfoc/gmsm v1.4.1 // indirect
|
||||
@@ -361,12 +359,12 @@ require (
|
||||
github.com/ultradns/ultradns-go-sdk v1.8.1-20250722213956-faef419 // indirect
|
||||
github.com/valyala/bytebufferpool v1.0.0 // indirect
|
||||
github.com/vinyldns/go-vinyldns v0.9.16 // indirect
|
||||
github.com/volcengine/volc-sdk-golang v1.0.229 // indirect
|
||||
github.com/vultr/govultr/v3 v3.25.0 // indirect
|
||||
github.com/volcengine/volc-sdk-golang v1.0.224 // indirect
|
||||
github.com/vultr/govultr/v3 v3.24.0 // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
github.com/yandex-cloud/go-genproto v0.38.0 // indirect
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.20 // indirect
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.28.0 // indirect
|
||||
github.com/yandex-cloud/go-genproto v0.34.0 // indirect
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.16 // indirect
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.24.0 // indirect
|
||||
github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
|
||||
github.com/yusufpapurcu/wmi v1.2.4 // indirect
|
||||
github.com/zeebo/errs v1.4.0 // indirect
|
||||
@@ -391,17 +389,17 @@ require (
|
||||
go.yaml.in/yaml/v3 v3.0.4 // indirect
|
||||
golang.org/x/arch v0.4.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
|
||||
golang.org/x/oauth2 v0.33.0 // indirect
|
||||
golang.org/x/oauth2 v0.32.0 // indirect
|
||||
golang.org/x/term v0.37.0 // indirect
|
||||
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
|
||||
google.golang.org/api v0.256.0 // indirect
|
||||
google.golang.org/api v0.254.0 // indirect
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 // indirect
|
||||
google.golang.org/protobuf v1.36.10 // indirect
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
|
||||
gopkg.in/inf.v0 v0.9.1 // indirect
|
||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.2 // indirect
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.1 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
k8s.io/klog/v2 v2.130.1 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect
|
||||
|
||||
172
go.sum
172
go.sum
@@ -50,10 +50,10 @@ github.com/AdamSLevy/jsonrpc2/v14 v14.1.0 h1:Dy3M9aegiI7d7PF1LUdjbVigJReo+QOceYs
|
||||
github.com/AdamSLevy/jsonrpc2/v14 v14.1.0/go.mod h1:ZakZtbCXxCz82NJvq7MoREtiQesnDfrtF6RFUGzQfLo=
|
||||
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
|
||||
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 h1:JXg2dwJUmPB9JmtVmdEB16APJ7jurfbY5jnfXpJoRMc=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0 h1:KpMC6LFL7mqpExyMC9jVOYRiVhLmamjeZfRsUpB7l4s=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8=
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
|
||||
@@ -95,8 +95,8 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM
|
||||
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
|
||||
github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
|
||||
github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgvJqCH0sFfrBUTnUJSBrBf7++ypk+twtRs=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
|
||||
github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
|
||||
@@ -145,6 +145,7 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC
|
||||
github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8=
|
||||
github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc=
|
||||
github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc=
|
||||
github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.12/go.mod h1:f2wDpbM7hK9SvLIH09zSKVU1TsyemUNOqErMscMMl7c=
|
||||
github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13 h1:Q00FU3H94Ts0ZIHDmY+fYGgB7dV9D/YX6FGsgorQPgw=
|
||||
github.com/alibabacloud-go/darabonba-openapi/v2 v2.1.13/go.mod h1:lxFGfobinVsQ49ntjpgWghXmIF0/Sm4+wvBJ1h5RtaE=
|
||||
github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg=
|
||||
@@ -167,6 +168,7 @@ github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/Ke
|
||||
github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
|
||||
github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A=
|
||||
github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk=
|
||||
github.com/alibabacloud-go/tea v1.3.12/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
|
||||
github.com/alibabacloud-go/tea v1.3.13 h1:WhGy6LIXaMbBM6VBYcsDCz6K/TPsT1Ri2hPmmZffZ94=
|
||||
github.com/alibabacloud-go/tea v1.3.13/go.mod h1:A560v/JTQ1n5zklt2BEpurJzZTI8TUT+Psg2drWlxRg=
|
||||
github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE=
|
||||
@@ -197,18 +199,18 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W
|
||||
github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
|
||||
github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
|
||||
github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
|
||||
github.com/aws/aws-sdk-go-v2 v1.40.0 h1:/WMUA0kjhZExjOQN2z3oLALDREea1A7TobfuiBrKlwc=
|
||||
github.com/aws/aws-sdk-go-v2 v1.40.0/go.mod h1:c9pm7VwuW0UPxAEYGyTmyurVcNrbF6Rt/wixFqDhcjE=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.32.2 h1:4liUsdEpUUPZs5WVapsJLx5NPmQhQdez7nYFcovrytk=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.32.2/go.mod h1:l0hs06IFz1eCT+jTacU/qZtC33nvcnLADAPL/XyrkZI=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.19.2 h1:qZry8VUyTK4VIo5aEdUcBjPZHL2v4FyQ3QEOaWcFLu4=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.19.2/go.mod h1:YUqm5a1/kBnoK+/NY5WEiMocZihKSo15/tJdmdXnM5g=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 h1:WZVR5DbDgxzA0BJeudId89Kmgy6DIU4ORpxwsVHz0qA=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14/go.mod h1:Dadl9QO0kHgbrH1GRqGiZdYtW5w+IXXaBNCHTIaheM4=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 h1:PZHqQACxYb8mYgms4RZbhZG0a7dPW06xOjmaH0EJC/I=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14/go.mod h1:VymhrMJUWs69D8u0/lZ7jSB6WgaG/NqHi3gX0aYf6U0=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 h1:bOS19y6zlJwagBfHxs0ESzr1XCOU2KXJCWcq3E2vfjY=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14/go.mod h1:1ipeGBMAxZ0xcTm6y6paC2C/J6f6OO7LBODV9afuAyM=
|
||||
github.com/aws/aws-sdk-go-v2 v1.39.4 h1:qTsQKcdQPHnfGYBBs+Btl8QwxJeoWcOcPcixK90mRhg=
|
||||
github.com/aws/aws-sdk-go-v2 v1.39.4/go.mod h1:yWSxrnioGUZ4WVv9TgMrNUeLV3PFESn/v+6T/Su8gnM=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.31.15 h1:gE3M4xuNXfC/9bG4hyowGm/35uQTi7bUKeYs5e/6uvU=
|
||||
github.com/aws/aws-sdk-go-v2/config v1.31.15/go.mod h1:HvnvGJoE2I95KAIW8kkWVPJ4XhdrlvwJpV6pEzFQa8o=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.18.19 h1:Jc1zzwkSY1QbkEcLujwqRTXOdvW8ppND3jRBb/VhBQc=
|
||||
github.com/aws/aws-sdk-go-v2/credentials v1.18.19/go.mod h1:DIfQ9fAk5H0pGtnqfqkbSIzky82qYnGvh06ASQXXg6A=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.11 h1:X7X4YKb+c0rkI6d4uJ5tEMxXgCZ+jZ/D6mvkno8c8Uw=
|
||||
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.11/go.mod h1:EqM6vPZQsZHYvC4Cai35UDg/f5NCEU+vp0WfbVqVcZc=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11 h1:7AANQZkF3ihM8fbdftpjhken0TP9sBzFbV/Ze/Y4HXA=
|
||||
github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.11/go.mod h1:NTF4QCGkm6fzVwncpkFQqoquQyOolcyXfbpC98urj+c=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11 h1:ShdtWUZT37LCAA4Mw2kJAJtzaszfSHFb5n25sdcv4YE=
|
||||
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.11/go.mod h1:7bUb2sSr2MZ3M/N+VyETLTQtInemHXb/Fl3s8CLzm0Y=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
|
||||
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
|
||||
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o=
|
||||
@@ -216,31 +218,29 @@ github.com/aws/aws-sdk-go-v2/service/ec2 v1.203.1 h1:ZgY9zeVAe+54Qa7o1GXKRNTez79
|
||||
github.com/aws/aws-sdk-go-v2/service/ec2 v1.203.1/go.mod h1:0naMk66LtdeTmE+1CWQTKwtzOQ2t8mavOhMhR0Pv1m0=
|
||||
github.com/aws/aws-sdk-go-v2/service/ecs v1.53.15 h1:uH0DMwDjLGgjjYMk3M1MXHggk37trTiJIvwyJNP17Ig=
|
||||
github.com/aws/aws-sdk-go-v2/service/ecs v1.53.15/go.mod h1:49tE5yYdlAHqZIO8u5+u9Xy9k8IaV0v5cstZrjnX5+c=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 h1:x2Ibm/Af8Fi+BH+Hsn9TXGdT+hKbDd5XOTZxTMxDk7o=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3/go.mod h1:IW1jwyrQgMdhisceG8fQLmQIydcT/jWY21rFhzgaKwo=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 h1:FIouAnCE46kyYqyhs0XEBDFFSREtdnr8HQuLPQPLCrY=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14/go.mod h1:UTwDc5COa5+guonQU8qBikJo1ZJ4ln2r1MkF7Dqag1E=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.8 h1:jhwva7OKpYXrTQmCG4L7lF2FvB2irs1oRyGAwmQ4lmA=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.8/go.mod h1:x+omzRoqYYFX+H8/va+Gt2Yg4xGaHZMRowr77Y/UGIA=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.61.0 h1:W3+0Cbc9awFBr9Yt7nFUkvB4N4e7vVIGtKD1qDttXn4=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.61.0/go.mod h1:Wa3q5R2uwIfIL3HZH+vG1/P9y7CjjfzTgcz5IWXlsZs=
|
||||
github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 h1:MxMBdKTYBjPQChlJhi4qlEueqB1p1KcbTEa7tD5aqPs=
|
||||
github.com/aws/aws-sdk-go-v2/service/signin v1.0.2/go.mod h1:iS6EPmNeqCsGo+xQmXv0jIMjyYtQfnwg36zl2FwEouk=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2 h1:xtuxji5CS0JknaXoACOunXOYOQzgfTvGAc9s2QdCJA4=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.2/go.mod h1:zxwi0DIR0rcRcgdbl7E2MSOvxDyyXGBlScvBkARFaLQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.11 h1:GpMf3z2KJa4RnJ0ew3Hac+hRFYLZ9DDjfgXjuW+pB54=
|
||||
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.11/go.mod h1:6MZP3ZI4QQsgUCFTwMZA2V0sEriNQ8k2hmoHF3qjimQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.2 h1:pr1dQ9vamhAf2mYOgiRRC/w9Ht4POFhy6+xXw7hOqwY=
|
||||
github.com/aws/aws-sdk-go-v2/service/lightsail v1.50.2/go.mod h1:A4Ch93K7Wam4Qe0Wl0XbPgcgoL5KIJtFIe7wHw6OPWE=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.59.1 h1:KuoA/cmy/yK8n9v/d6WH36cZwGxFOrn0TmZ4lNN3MKQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/route53 v1.59.1/go.mod h1:BymbICXBfXQHO6i+yTBhocA9a6DM0uMDQqYelqa9wzs=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssm v1.56.13 h1:JfPeW7F6Y+VqBg6p+8zQv4wlgceguYu5ZT0USEGZ89g=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssm v1.56.13/go.mod h1:EonGQFn66wZkJJrrKXrryrxoS3V30rcHvaWvc6oGHCI=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 h1:ksUT5KtgpZd3SAiFJNJ0AFEJVva3gjBmN7eXUZjzUwQ=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.30.5/go.mod h1:av+ArJpoYf3pgyrj6tcehSFW+y9/QvAY8kMooR9bZCw=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 h1:GtsxyiF3Nd3JahRBJbxLCCdYW9ltGQYrFWg8XdkGDd8=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10/go.mod h1:/j67Z5XBVDx8nZVp9EuFM9/BS5dvBznbqILGuu73hug=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 h1:a5UTtD4mHBU3t0o6aHQZFJTNKVfxFWfPX7J0Lr7G+uY=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.41.2/go.mod h1:6TxbXoDSgBQ225Qd8Q+MbxUxUh6TtNKwbRt/EPS9xso=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.29.8 h1:M5nimZmugcZUO9wG7iVtROxPhiqyZX6ejS1lxlDPbTU=
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.29.8/go.mod h1:mbef/pgKhtKRwrigPPs7SSSKZgytzP8PQ6P6JAAdqyM=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.3 h1:S5GuJZpYxE0lKeMHKn+BRTz6PTFpgThyJ+5mYfux7BM=
|
||||
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.3/go.mod h1:X4OF+BTd7HIb3L+tc4UlWHVrpgwZZIVENU15pRDVTI0=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.38.9 h1:Ekml5vGg6sHSZLZJQJagefnVe6PmqC2oiRkBq4F7fU0=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.38.9/go.mod h1:/e15V+o1zFHWdH3u7lpI3rVBcxszktIKuHKCY2/py+k=
|
||||
github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
|
||||
github.com/aws/smithy-go v1.23.2 h1:Crv0eatJUQhaManss33hS5r40CG3ZFH+21XSkqMrIUM=
|
||||
github.com/aws/smithy-go v1.23.2/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
|
||||
github.com/aziontech/azionapi-go-sdk v0.144.0 h1:T+/w18o+FCiZsk3Z0ACBVVe7c/5EGLG15S3P8JfuPfo=
|
||||
github.com/aziontech/azionapi-go-sdk v0.144.0/go.mod h1:OKxP/R0iVXnJJakYwMhh2BGAXnud8Ruy55Ak9ANuWoU=
|
||||
github.com/baidubce/bce-sdk-go v0.9.252 h1:TONS/utgfEkDjvHllVZFBrTsjsNhk51rhWuj3ppcL4s=
|
||||
github.com/baidubce/bce-sdk-go v0.9.252/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
|
||||
github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M=
|
||||
github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
|
||||
github.com/aziontech/azionapi-go-sdk v0.143.0 h1:4eEBlYT10prgeCVTNR9FIc7f59Crbl2zrH1a4D1BUqU=
|
||||
github.com/aziontech/azionapi-go-sdk v0.143.0/go.mod h1:cA5DY/VP4X5Eu11LpQNzNn83ziKjja7QVMIl4J45feA=
|
||||
github.com/baidubce/bce-sdk-go v0.9.250 h1:fnvV5clsNCAP6pCauj0eNaUnoLVmjQGnco7rcMqp984=
|
||||
github.com/baidubce/bce-sdk-go v0.9.250/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
|
||||
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||
github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
|
||||
github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||
@@ -382,8 +382,8 @@ github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lSh
|
||||
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
|
||||
github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
|
||||
github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM=
|
||||
github.com/exoscale/egoscale/v3 v3.1.31 h1:/dySEUSAxU+hlAS/eLxAoY8ZYmtOtaoL1P+lDwH7ojY=
|
||||
github.com/exoscale/egoscale/v3 v3.1.31/go.mod h1:0iY8OxgHJCS5TKqDNhwOW95JBKCnBZl3YGU4Yt+NqkU=
|
||||
github.com/exoscale/egoscale/v3 v3.1.27 h1:vKdWZG8QFDc7rY7lCfcuudO+ovyp5psYjFwKVqmkhCE=
|
||||
github.com/exoscale/egoscale/v3 v3.1.27/go.mod h1:0iY8OxgHJCS5TKqDNhwOW95JBKCnBZl3YGU4Yt+NqkU=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
|
||||
github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
|
||||
@@ -421,14 +421,12 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv
|
||||
github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
|
||||
github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
|
||||
github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
|
||||
github.com/go-acme/alidns-20150109/v4 v4.7.0 h1:PqJ/wR0JTpL4v0Owu1uM7bPQ1Yww0eQLAuuSdLjjQaQ=
|
||||
github.com/go-acme/alidns-20150109/v4 v4.7.0/go.mod h1:btQvB6xZoN6ykKB74cPhiR+uvhrEE2AFVXm6RDmCHm0=
|
||||
github.com/go-acme/esa-20240910/v2 v2.40.1 h1:pog3UlF5d+3LPoo1L8u8PqB189recIXX8T7pGoEz18A=
|
||||
github.com/go-acme/esa-20240910/v2 v2.40.1/go.mod h1:ZYdN9EN9ikn26SNapxCVjZ65pHT/1qm4fzuJ7QGVX6g=
|
||||
github.com/go-acme/lego/v4 v4.29.0 h1:vKMEtvoKb0gOO9rWO9zMBwE4CgI5A5CWDsK4QEeBqzo=
|
||||
github.com/go-acme/lego/v4 v4.29.0/go.mod h1:rnYyDj1NdDd9y1dHkVuUS97j7bfe9I61+oY9odKaHM8=
|
||||
github.com/go-acme/tencentclouddnspod v1.1.25 h1:7H3ZKshkaHzCXfRpAHVB5nvxeDDl2XLeNZfrNHiZj/s=
|
||||
github.com/go-acme/tencentclouddnspod v1.1.25/go.mod h1:XXfzp0AYV7UAUsHKT6R0KAUJFhqAUXmWGF07Elpa5cE=
|
||||
github.com/go-acme/alidns-20150109/v4 v4.6.1 h1:Dch3aWRcw4U62+jKPjPQN3iW3TPvgIywATbvHzojXeo=
|
||||
github.com/go-acme/alidns-20150109/v4 v4.6.1/go.mod h1:RBcqBA5IvUWtlpjx6dC6EkPVyBNLQ+mR18XoaP38BFY=
|
||||
github.com/go-acme/lego/v4 v4.28.0 h1:URKsCcybo7SjqqZckeBcDN9Vl29/bKS///75tcNkMHQ=
|
||||
github.com/go-acme/lego/v4 v4.28.0/go.mod h1:bzjilr03IgbaOwlH396hq5W56Bi0/uoRwW/JM8hP7m4=
|
||||
github.com/go-acme/tencentclouddnspod v1.1.10 h1:ERVJ4mc3cT4Nb3+n6H/c1AwZnChGBqLoymE0NVYscKI=
|
||||
github.com/go-acme/tencentclouddnspod v1.1.10/go.mod h1:Bo/0YQJ/99FM+44HmCQkByuptX1tJsJ9V14MGV/2Qco=
|
||||
github.com/go-acme/tencentedgdeone v1.1.48 h1:WLyLBsRVhSLFmtbEFXk0naLODSQn7X6J0Fc/qR8xVUk=
|
||||
github.com/go-acme/tencentedgdeone v1.1.48/go.mod h1:mu6tA+bPhlSd+CKUfzRikE0mfxmTlBI6dVTn9LY9dRI=
|
||||
github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
|
||||
@@ -618,8 +616,8 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4=
|
||||
github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA=
|
||||
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
|
||||
github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo=
|
||||
@@ -723,8 +721,8 @@ github.com/http-wasm/http-wasm-host-go v0.7.0/go.mod h1:adXKcLmL7yuavH/e0kBAp7b3
|
||||
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI=
|
||||
github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.178 h1:eNVkjzdPMgM2qih9aECiFUI8S9zgpOwXxeBPAwQqtvU=
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.178/go.mod h1:M+yna96Fx9o5GbIUnF3OvVvQGjgfVSyeJbV9Yb1z/wI=
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.173 h1:Y4ixGadyrK9xHw6Z+cyiiME3SBXepEcUoiT+B8C5FoQ=
|
||||
github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.173/go.mod h1:M+yna96Fx9o5GbIUnF3OvVvQGjgfVSyeJbV9Yb1z/wI=
|
||||
github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
|
||||
@@ -839,8 +837,8 @@ github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++
|
||||
github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
|
||||
github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7kd09ZGA=
|
||||
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/linode/linodego v1.61.0 h1:9g20NWl+/SbhDFj6X5EOZXtM2hBm1Mx8I9h8+F3l1LM=
|
||||
github.com/linode/linodego v1.61.0/go.mod h1:64o30geLNwR0NeYh5HM/WrVCBXcSqkKnRK3x9xoRuJI=
|
||||
github.com/linode/linodego v1.60.0 h1:SgsebJFRCi+lSmYy+C40wmKZeJllGGm+W12Qw4+yVdI=
|
||||
github.com/linode/linodego v1.60.0/go.mod h1:1+Bt0oTz5rBnDOJbGhccxn7LYVytXTIIfAy7QYmijDs=
|
||||
github.com/liquidweb/go-lwApi v0.0.0-20190605172801-52a4864d2738/go.mod h1:0sYF9rMXb0vlG+4SzdiGMXHheCZxjguMq+Zb4S2BfBs=
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9 h1:acbIvdRauiwbxIsOCEMXGwF75aSJDbDiyAWPjVnwoYM=
|
||||
github.com/liquidweb/liquidweb-cli v0.6.9/go.mod h1:cE1uvQ+x24NGUL75D0QagOFCG8Wdvmwu8aL9TLmA/eQ=
|
||||
@@ -988,18 +986,18 @@ github.com/nrdcg/freemyip v0.3.0 h1:0D2rXgvLwe2RRaVIjyUcQ4S26+cIS2iFwnhzDsEuuwc=
|
||||
github.com/nrdcg/freemyip v0.3.0/go.mod h1:c1PscDvA0ukBF0dwelU/IwOakNKnVxetpAQ863RMJoM=
|
||||
github.com/nrdcg/goacmedns v0.2.0 h1:ADMbThobzEMnr6kg2ohs4KGa3LFqmgiBA22/6jUWJR0=
|
||||
github.com/nrdcg/goacmedns v0.2.0/go.mod h1:T5o6+xvSLrQpugmwHvrSNkzWht0UGAwj2ACBMhh73Cg=
|
||||
github.com/nrdcg/goinwx v0.12.0 h1:ujdUqDBnaRSFwzVnImvPHYw3w3m9XgmGImNUw1GyMb4=
|
||||
github.com/nrdcg/goinwx v0.12.0/go.mod h1:IrVKd3ZDbFiMjdPgML4CSxZAY9wOoqLvH44zv3NodJ0=
|
||||
github.com/nrdcg/goinwx v0.11.0 h1:GER0SE3POub7rxARt3Y3jRy1OON1hwF1LRxHz5xsFBw=
|
||||
github.com/nrdcg/goinwx v0.11.0/go.mod h1:0BXSC0FxVtU4aTjX0Zw3x0DK32tjugLzeNIAGtwXvPQ=
|
||||
github.com/nrdcg/mailinabox v0.3.0 h1:PHkC1elKXKAjEvdx2HHFMgcEGZFqudAl7aU3L2JDhM4=
|
||||
github.com/nrdcg/mailinabox v0.3.0/go.mod h1:1eFIGcM4lI+AfFOUpbs548SFGz1ZWoMOGbECBmkghw4=
|
||||
github.com/nrdcg/namesilo v0.5.0 h1:6QNxT/XxE+f5B+7QlfWorthNzOzcGlBLRQxqi6YeBrE=
|
||||
github.com/nrdcg/namesilo v0.5.0/go.mod h1:4UkwlwQfDt74kSGmhLaDylnBrD94IfflnpoEaj6T2qw=
|
||||
github.com/nrdcg/nodion v0.1.0 h1:zLKaqTn2X0aDuBHHfyA1zFgeZfiCpmu/O9DM73okavw=
|
||||
github.com/nrdcg/nodion v0.1.0/go.mod h1:inbuh3neCtIWlMPZHtEpe43TmRXxHV6+hk97iCZicms=
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.0 h1:bppmFqrJ87U4gWilemAW9oa4Qepf2JBTK/mPgaZLP2A=
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.105.0/go.mod h1:SfDIKzNQ5AGNMMOA3LGqSPnn63F6Gc4E4bsKArqymvg=
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.0 h1:IHPZs4Mo/lxyo+gYB+baheb2kGmHtNGQk2DKPDHqPjA=
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.105.0/go.mod h1:yELd0uJLiIyv9sGIh5ZRCHEB1B2QFNURWkQIMqb3ZwE=
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.103.0 h1:GPwwX9GFIBjV4u1M3Cr8eKCP6drW01IsfQSDIz6SUk8=
|
||||
github.com/nrdcg/oci-go-sdk/common/v1065 v1065.103.0/go.mod h1:SfDIKzNQ5AGNMMOA3LGqSPnn63F6Gc4E4bsKArqymvg=
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.103.0 h1:MjHla6lf1jpjGXORLpzMeo/tSmx0ejmjMjdjTByaDGY=
|
||||
github.com/nrdcg/oci-go-sdk/dns/v1065 v1065.103.0/go.mod h1:o1/kMADX0SlB4hJjWtcs3M6VIUOGR78yhPyiBv6oBkk=
|
||||
github.com/nrdcg/porkbun v0.4.0 h1:rWweKlwo1PToQ3H+tEO9gPRW0wzzgmI/Ob3n2Guticw=
|
||||
github.com/nrdcg/porkbun v0.4.0/go.mod h1:/QMskrHEIM0IhC/wY7iTCUgINsxdT2WcOphktJ9+Q54=
|
||||
github.com/nrdcg/vegadns v0.3.0 h1:11FQMw7xVIRUWO9o5+Z/5YZhmPWlm4oxUUH3F6EVqQU=
|
||||
@@ -1116,8 +1114,8 @@ github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9
|
||||
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
|
||||
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
|
||||
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
|
||||
github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI10=
|
||||
github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
|
||||
github.com/quic-go/quic-go v0.57.0 h1:AsSSrrMs4qI/hLrKlTH/TGQeTMY0ib1pAOX7vA3AdqE=
|
||||
github.com/quic-go/quic-go v0.57.0/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
|
||||
@@ -1144,8 +1142,8 @@ github.com/sacloud/api-client-go v0.3.3 h1:ZpSAyGpITA8UFO3Hq4qMHZLGuNI1FgxAxo4sq
|
||||
github.com/sacloud/api-client-go v0.3.3/go.mod h1:0p3ukcWYXRCc2AUWTl1aA+3sXLvurvvDqhRaLZRLBwo=
|
||||
github.com/sacloud/go-http v0.1.9 h1:Xa5PY8/pb7XWhwG9nAeXSrYXPbtfBWqawgzxD5co3VE=
|
||||
github.com/sacloud/go-http v0.1.9/go.mod h1:DpDG+MSyxYaBwPJ7l3aKLMzwYdTVtC5Bo63HActcgoE=
|
||||
github.com/sacloud/iaas-api-go v1.22.0 h1:nvLQNuxcfxILvoxA6WcnTjU9A8yv8dPI1OSYHAPxBJk=
|
||||
github.com/sacloud/iaas-api-go v1.22.0/go.mod h1:PLcolyFlby/0ExZTOdUf9xzhkEMBuVzORadXDNN21no=
|
||||
github.com/sacloud/iaas-api-go v1.20.0 h1:L4TfAzoFSwxrD3QXX8UxJa2o+GZrP9b863K+voTy3tQ=
|
||||
github.com/sacloud/iaas-api-go v1.20.0/go.mod h1:XV995RM1I7k5AHb7UZrCVyDF/8bZXDxa+uk1EXoj/Zs=
|
||||
github.com/sacloud/packages-go v0.0.11 h1:hrRWLmfPM9w7GBs6xb5/ue6pEMl8t1UuDKyR/KfteHo=
|
||||
github.com/sacloud/packages-go v0.0.11/go.mod h1:XNF5MCTWcHo9NiqWnYctVbASSSZR3ZOmmQORIzcurJ8=
|
||||
github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
|
||||
@@ -1256,10 +1254,9 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8
|
||||
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
|
||||
github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046 h1:8rUlviSVOEe7TMk7W0gIPrW8MqEzYfZHpsNWSf8s2vg=
|
||||
github.com/tailscale/tscert v0.0.0-20230806124524-28a91b69a046/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.25/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.10/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48 h1:aoRUrz2ag27jQWcOKHgeE+toSti6/xPqHKMLruOtJuM=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.1.48/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.3.3 h1:r05ohLc0LVEpiEQeOJ5QwCiKk6XM9kjTca6+UAbNR/8=
|
||||
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.3.3/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
|
||||
github.com/testcontainers/testcontainers-go v0.32.0 h1:ug1aK08L3gCHdhknlTTwWjPHPS+/alvLJU/DRxTD/ME=
|
||||
github.com/testcontainers/testcontainers-go v0.32.0/go.mod h1:CRHrzHLQhlXUsa5gXjTOfqIEJcrK5+xMDmBr/WMI88E=
|
||||
github.com/testcontainers/testcontainers-go/modules/k3s v0.32.0 h1:Z3DTMveNUqeGJZ+CXZhpvI7OF1BS71Ywi3SwoXLZ4Lc=
|
||||
@@ -1318,14 +1315,14 @@ github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPU
|
||||
github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
|
||||
github.com/vinyldns/go-vinyldns v0.9.16 h1:GZJStDkcCk1F1AcRc64LuuMh+ENL8pHA0CVd4ulRMcQ=
|
||||
github.com/vinyldns/go-vinyldns v0.9.16/go.mod h1:5qIJOdmzAnatKjurI+Tl4uTus7GJKJxb+zitufjHs3Q=
|
||||
github.com/volcengine/volc-sdk-golang v1.0.229 h1:gOkDltTS6Fta8OyfYrbeY9bqCHHyiJuGYNJpR5MR+Fo=
|
||||
github.com/volcengine/volc-sdk-golang v1.0.229/go.mod h1:zHJlaqiMbIB+0mcrsZPTwOb3FB7S/0MCfqlnO8R7hlM=
|
||||
github.com/volcengine/volc-sdk-golang v1.0.224 h1:k9Vtg64tQAgFTOGWzhyL0b0axuTuExXbLNVlslWlBZI=
|
||||
github.com/volcengine/volc-sdk-golang v1.0.224/go.mod h1:zHJlaqiMbIB+0mcrsZPTwOb3FB7S/0MCfqlnO8R7hlM=
|
||||
github.com/vulcand/oxy/v2 v2.0.3 h1:CPWVPfW4hVZXzwwiQzpFidbnJKpahjPHezM+7TkZRNw=
|
||||
github.com/vulcand/oxy/v2 v2.0.3/go.mod h1:k3t+xjyqmXVh88FdFDbYmUKMEvNpaejvBW14es6H70A=
|
||||
github.com/vulcand/predicate v1.2.0 h1:uFsW1gcnnR7R+QTID+FVcs0sSYlIGntoGOTb3rQJt50=
|
||||
github.com/vulcand/predicate v1.2.0/go.mod h1:VipoNYXny6c8N381zGUWkjuuNHiRbeAZhE7Qm9c+2GA=
|
||||
github.com/vultr/govultr/v3 v3.25.0 h1:rS8/Vdy8HlHArwmD4MtLY+hbbpYAbcnZueZrE6b0oUg=
|
||||
github.com/vultr/govultr/v3 v3.25.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
|
||||
github.com/vultr/govultr/v3 v3.24.0 h1:fTTTj0VBve+Miy+wGhlb90M2NMDfpGFi6Frlj3HVy6M=
|
||||
github.com/vultr/govultr/v3 v3.24.0/go.mod h1:9WwnWGCKnwDlNjHjtt+j+nP+0QWq6hQXzaHgddqrLWY=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
|
||||
github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
|
||||
@@ -1336,12 +1333,12 @@ github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gi
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
|
||||
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
|
||||
github.com/yandex-cloud/go-genproto v0.38.0 h1:uB3btG7mLOnu53ehYtRARCk04+80sBpxDrSkP3qC6G8=
|
||||
github.com/yandex-cloud/go-genproto v0.38.0/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo=
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.20 h1:xHBRa+IIYpTgMbTbmZf7aEKIqrJMcZGIF8ea4XIyLX0=
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.20/go.mod h1:8nYQULLJbbe51qdBY7Ay5v8wtDgdH7nHCMZs4XkwzLg=
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.28.0 h1:KDOrN75xokZBYbgjq6Pjvo+hEpu32xFhErtomLBML5s=
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.28.0/go.mod h1:6vmAhqoCVYSJEb5OuhHUqIdxDy2b9uUXp1e5sqMhTmo=
|
||||
github.com/yandex-cloud/go-genproto v0.34.0 h1:qhTJpPxOTKQbV44rIqoZSdzxDtZW27fkFjAcipEy8Zs=
|
||||
github.com/yandex-cloud/go-genproto v0.34.0/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo=
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.16 h1:0UYrBlQjTO2ct5xcSx6rqkQB95wRBPMVwxfqLQD1sUE=
|
||||
github.com/yandex-cloud/go-sdk/services/dns v0.0.16/go.mod h1:HlS3aIAdYEmJu2Ska/nzpcuv9LLVSMMXKGhzyLQwf5s=
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.24.0 h1:G53N/RB5g/jw2xNN0egspnwd2ByHA1OVH6wbTx/tIlo=
|
||||
github.com/yandex-cloud/go-sdk/v2 v2.24.0/go.mod h1:ZRdpyOig8c/W3bNhwvkeXWWPeDScd9nmXv4AJzKvOsk=
|
||||
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
|
||||
github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
|
||||
github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
|
||||
@@ -1627,9 +1624,10 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
|
||||
golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
|
||||
golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
|
||||
golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY=
|
||||
golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
@@ -1884,8 +1882,8 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
|
||||
google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
|
||||
google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
|
||||
google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
|
||||
google.golang.org/api v0.256.0 h1:u6Khm8+F9sxbCTYNoBHg6/Hwv0N/i+V94MvkOSor6oI=
|
||||
google.golang.org/api v0.256.0/go.mod h1:KIgPhksXADEKJlnEoRa9qAII4rXcy40vfI8HRqcU964=
|
||||
google.golang.org/api v0.254.0 h1:jl3XrGj7lRjnlUvZAbAdhINTLbsg5dbjmR90+pTQvt4=
|
||||
google.golang.org/api v0.254.0/go.mod h1:5BkSURm3D9kAqjGvBNgf0EcbX6Rnrf6UArKkwBzAyqQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
@@ -1928,8 +1926,8 @@ google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuO
|
||||
google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 h1:tRPGkdGHuewF4UisLzzHHr1spKw92qLM98nIzxbC0wY=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 h1:M1rk8KBnUsBDg1oPGHNCxG4vc1f49epmTO7xscSajMk=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||
@@ -1987,8 +1985,8 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.2 h1:aBVyKeEH3rBFWwX72xPPjEuRL4+Lp5P9GlAcrzu0Y5M=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.2/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.1 h1:8rri2TzAPYcVbBGXn48+dz1Xg30PzHfZ4k8A9JOS0Z0=
|
||||
gopkg.in/ns1/ns1-go.v2 v2.15.1/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
|
||||
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||
|
||||
@@ -2041,9 +2041,8 @@ spec:
|
||||
More info: https://doc.traefik.io/traefik/v3.6/middlewares/http/redirectscheme/
|
||||
properties:
|
||||
permanent:
|
||||
description: |-
|
||||
Permanent defines whether the redirection is permanent.
|
||||
For HTTP GET requests a 301 is returned, otherwise a 308 is returned.
|
||||
description: Permanent defines whether the redirection is permanent
|
||||
(308).
|
||||
type: boolean
|
||||
port:
|
||||
description: Port defines the port of the new URL.
|
||||
|
||||
@@ -9,8 +9,6 @@
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
[entryPoints.web.http.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
@@ -76,7 +76,7 @@ func TestHandler_SupportDump(t *testing.T) {
|
||||
assert.Contains(t, string(files["version.json"]), `"version":"dev"`)
|
||||
|
||||
// Verify static config contains entry points
|
||||
assert.Contains(t, string(files["static-config.json"]), `"entryPoints":{"web":{"address":"xxxx","http":{"encodedCharacters":{}}}`)
|
||||
assert.Contains(t, string(files["static-config.json"]), `"entryPoints":{"web":{"address":"xxxx","http":{}}}`)
|
||||
|
||||
// Verify runtime config contains services
|
||||
assert.Contains(t, string(files["runtime-config.json"]), `"services":`)
|
||||
|
||||
6
pkg/api/testdata/entrypoint-bar.json
vendored
6
pkg/api/testdata/entrypoint-bar.json
vendored
@@ -1,7 +1,5 @@
|
||||
{
|
||||
"address": ":81",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "bar"
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,5 @@
|
||||
{
|
||||
"address": ":81",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "foo / bar"
|
||||
}
|
||||
|
||||
22
pkg/api/testdata/entrypoints-many-lastpage.json
vendored
22
pkg/api/testdata/entrypoints-many-lastpage.json
vendored
@@ -1,37 +1,27 @@
|
||||
[
|
||||
{
|
||||
"address": ":14",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "ep14"
|
||||
},
|
||||
{
|
||||
"address": ":15",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "ep15"
|
||||
},
|
||||
{
|
||||
"address": ":16",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "ep16"
|
||||
},
|
||||
{
|
||||
"address": ":17",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "ep17"
|
||||
},
|
||||
{
|
||||
"address": ":18",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "ep18"
|
||||
}
|
||||
]
|
||||
]
|
||||
6
pkg/api/testdata/entrypoints-page2.json
vendored
6
pkg/api/testdata/entrypoints-page2.json
vendored
@@ -1,9 +1,7 @@
|
||||
[
|
||||
{
|
||||
"address": ":82",
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "web2"
|
||||
}
|
||||
]
|
||||
]
|
||||
8
pkg/api/testdata/entrypoints.json
vendored
8
pkg/api/testdata/entrypoints.json
vendored
@@ -8,9 +8,7 @@
|
||||
"192.168.1.4"
|
||||
]
|
||||
},
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "web",
|
||||
"proxyProtocol": {
|
||||
"insecure": true,
|
||||
@@ -40,9 +38,7 @@
|
||||
"192.168.1.40"
|
||||
]
|
||||
},
|
||||
"http": {
|
||||
"encodedCharacters": {}
|
||||
},
|
||||
"http": {},
|
||||
"name": "websecure",
|
||||
"proxyProtocol": {
|
||||
"insecure": true,
|
||||
|
||||
@@ -655,13 +655,8 @@ type RedirectScheme struct {
|
||||
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
|
||||
// Port defines the port of the new URL.
|
||||
Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
|
||||
// Permanent defines whether the redirection is permanent.
|
||||
// For HTTP GET requests a 301 is returned, otherwise a 308 is returned.
|
||||
// Permanent defines whether the redirection is permanent (308).
|
||||
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
|
||||
// ForcePermanentRedirect is an internal field (not exposed in configuration).
|
||||
// When set to true, this forces the use of permanent redirects 308, regardless of the request method.
|
||||
// Used by the provider ingress-ngin.
|
||||
ForcePermanentRedirect bool `json:"-" toml:"-" yaml:"-" label:"-"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
@@ -65,13 +65,12 @@ func (ep *EntryPoint) SetDefaults() {
|
||||
|
||||
// HTTPConfig is the HTTP configuration of an entry point.
|
||||
type HTTPConfig struct {
|
||||
Redirections *Redirections `description:"Set of redirection" json:"redirections,omitempty" toml:"redirections,omitempty" yaml:"redirections,omitempty" export:"true"`
|
||||
Middlewares []string `description:"Default middlewares for the routers linked to the entry point." json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
|
||||
TLS *TLSConfig `description:"Default TLS configuration for the routers linked to the entry point." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
EncodedCharacters EncodedCharacters `description:"Defines which encoded characters are allowed in the request path." json:"encodedCharacters,omitempty" toml:"encodedCharacters,omitempty" yaml:"encodedCharacters,omitempty" export:"true"`
|
||||
EncodeQuerySemicolons bool `description:"Defines whether request query semicolons should be URLEncoded." json:"encodeQuerySemicolons,omitempty" toml:"encodeQuerySemicolons,omitempty" yaml:"encodeQuerySemicolons,omitempty" export:"true"`
|
||||
SanitizePath *bool `description:"Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences)." json:"sanitizePath,omitempty" toml:"sanitizePath,omitempty" yaml:"sanitizePath,omitempty" export:"true"`
|
||||
MaxHeaderBytes int `description:"Maximum size of request headers in bytes." json:"maxHeaderBytes,omitempty" toml:"maxHeaderBytes,omitempty" yaml:"maxHeaderBytes,omitempty" export:"true"`
|
||||
Redirections *Redirections `description:"Set of redirection" json:"redirections,omitempty" toml:"redirections,omitempty" yaml:"redirections,omitempty" export:"true"`
|
||||
Middlewares []string `description:"Default middlewares for the routers linked to the entry point." json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
|
||||
TLS *TLSConfig `description:"Default TLS configuration for the routers linked to the entry point." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
|
||||
EncodeQuerySemicolons bool `description:"Defines whether request query semicolons should be URLEncoded." json:"encodeQuerySemicolons,omitempty" toml:"encodeQuerySemicolons,omitempty" yaml:"encodeQuerySemicolons,omitempty"`
|
||||
SanitizePath *bool `description:"Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences)." json:"sanitizePath,omitempty" toml:"sanitizePath,omitempty" yaml:"sanitizePath,omitempty" export:"true"`
|
||||
MaxHeaderBytes int `description:"Maximum size of request headers in bytes." json:"maxHeaderBytes,omitempty" toml:"maxHeaderBytes,omitempty" yaml:"maxHeaderBytes,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values.
|
||||
@@ -81,50 +80,6 @@ func (c *HTTPConfig) SetDefaults() {
|
||||
c.MaxHeaderBytes = http.DefaultMaxHeaderBytes
|
||||
}
|
||||
|
||||
// EncodedCharacters configures which encoded characters are allowed in the request path.
|
||||
type EncodedCharacters struct {
|
||||
AllowEncodedSlash bool `description:"Defines whether requests with encoded slash characters in the path are allowed." json:"allowEncodedSlash,omitempty" toml:"allowEncodedSlash,omitempty" yaml:"allowEncodedSlash,omitempty" export:"true"`
|
||||
AllowEncodedBackSlash bool `description:"Defines whether requests with encoded back slash characters in the path are allowed." json:"allowEncodedBackSlash,omitempty" toml:"allowEncodedBackSlash,omitempty" yaml:"allowEncodedBackSlash,omitempty" export:"true"`
|
||||
AllowEncodedNullCharacter bool `description:"Defines whether requests with encoded null characters in the path are allowed." json:"allowEncodedNullCharacter,omitempty" toml:"allowEncodedNullCharacter,omitempty" yaml:"allowEncodedNullCharacter,omitempty" export:"true"`
|
||||
AllowEncodedSemicolon bool `description:"Defines whether requests with encoded semicolon characters in the path are allowed." json:"allowEncodedSemicolon,omitempty" toml:"allowEncodedSemicolon,omitempty" yaml:"allowEncodedSemicolon,omitempty" export:"true"`
|
||||
AllowEncodedPercent bool `description:"Defines whether requests with encoded percent characters in the path are allowed." json:"allowEncodedPercent,omitempty" toml:"allowEncodedPercent,omitempty" yaml:"allowEncodedPercent,omitempty" export:"true"`
|
||||
AllowEncodedQuestionMark bool `description:"Defines whether requests with encoded question mark characters in the path are allowed." json:"allowEncodedQuestionMark,omitempty" toml:"allowEncodedQuestionMark,omitempty" yaml:"allowEncodedQuestionMark,omitempty" export:"true"`
|
||||
AllowEncodedHash bool `description:"Defines whether requests with encoded hash characters in the path are allowed." json:"allowEncodedHash,omitempty" toml:"allowEncodedHash,omitempty" yaml:"allowEncodedHash,omitempty" export:"true"`
|
||||
}
|
||||
|
||||
// Map returns a map of unallowed encoded characters.
|
||||
func (h *EncodedCharacters) Map() map[string]struct{} {
|
||||
characters := make(map[string]struct{})
|
||||
|
||||
if !h.AllowEncodedSlash {
|
||||
characters["%2F"] = struct{}{}
|
||||
characters["%2f"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedBackSlash {
|
||||
characters["%5C"] = struct{}{}
|
||||
characters["%5c"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedNullCharacter {
|
||||
characters["%00"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedSemicolon {
|
||||
characters["%3B"] = struct{}{}
|
||||
characters["%3b"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedPercent {
|
||||
characters["%25"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedQuestionMark {
|
||||
characters["%3F"] = struct{}{}
|
||||
characters["%3f"] = struct{}{}
|
||||
}
|
||||
if !h.AllowEncodedHash {
|
||||
characters["%23"] = struct{}{}
|
||||
}
|
||||
|
||||
return characters
|
||||
}
|
||||
|
||||
// HTTP2Config is the HTTP2 configuration of an entry point.
|
||||
type HTTP2Config struct {
|
||||
MaxConcurrentStreams int32 `description:"Specifies the number of concurrent streams per connection that each client is allowed to initiate." json:"maxConcurrentStreams,omitempty" toml:"maxConcurrentStreams,omitempty" yaml:"maxConcurrentStreams,omitempty" export:"true"`
|
||||
|
||||
@@ -65,161 +65,3 @@ func TestEntryPointProtocol(t *testing.T) {
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestEncodedCharactersMap(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
config EncodedCharacters
|
||||
expected map[string]struct{}
|
||||
}{
|
||||
{
|
||||
name: "Handles empty configuration",
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Exclude encoded slash when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedSlash: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
|
||||
{
|
||||
name: "Exclude encoded backslash when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedBackSlash: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
|
||||
{
|
||||
name: "Exclude encoded null character when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedNullCharacter: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Exclude encoded semicolon when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedSemicolon: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Exclude encoded percent when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedPercent: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Exclude encoded question mark when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedQuestionMark: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%23": {},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "Exclude encoded hash when allowed",
|
||||
config: EncodedCharacters{
|
||||
AllowEncodedHash: true,
|
||||
},
|
||||
expected: map[string]struct{}{
|
||||
"%2F": {},
|
||||
"%2f": {},
|
||||
"%5C": {},
|
||||
"%5c": {},
|
||||
"%00": {},
|
||||
"%3B": {},
|
||||
"%3b": {},
|
||||
"%25": {},
|
||||
"%3F": {},
|
||||
"%3f": {},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
result := test.config.Map()
|
||||
require.Equal(t, test.expected, result)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
@@ -481,7 +481,7 @@ func TestServiceTCPHealthChecker_Launch(t *testing.T) {
|
||||
}
|
||||
|
||||
// Wait for all health checks to complete deterministically
|
||||
for i := range test.server.StatusSequence {
|
||||
for range test.server.StatusSequence {
|
||||
test.server.Next()
|
||||
|
||||
initialUpserted := lb.numUpsertedServers
|
||||
@@ -490,11 +490,6 @@ func TestServiceTCPHealthChecker_Launch(t *testing.T) {
|
||||
for time.Now().Before(deadline) {
|
||||
time.Sleep(5 * time.Millisecond)
|
||||
if lb.numUpsertedServers > initialUpserted || lb.numRemovedServers > initialRemoved {
|
||||
// Stop the health checker immediately after the last expected sequence completes
|
||||
// to prevent extra health checks from firing and modifying the counters.
|
||||
if i == len(test.server.StatusSequence)-1 {
|
||||
cancel()
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
@@ -195,7 +195,7 @@ func (fa *forwardAuth) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
|
||||
forwardResponse, forwardErr := fa.client.Do(forwardReq)
|
||||
if forwardErr != nil {
|
||||
logger.Error().Err(forwardErr).Msgf("Error calling %s", fa.address)
|
||||
logger.Debug().Err(forwardErr).Msgf("Error calling %s", fa.address)
|
||||
observability.SetStatusErrorf(req.Context(), "Error calling %s. Cause: %s", fa.address, forwardErr)
|
||||
|
||||
statusCode := http.StatusInternalServerError
|
||||
|
||||
@@ -18,32 +18,30 @@ const typeName = "Redirect"
|
||||
var uriRegexp = regexp.MustCompile(`^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`)
|
||||
|
||||
type redirect struct {
|
||||
next http.Handler
|
||||
regex *regexp.Regexp
|
||||
replacement string
|
||||
permanent bool
|
||||
forcePermanentRedirect bool
|
||||
errHandler utils.ErrorHandler
|
||||
name string
|
||||
rawURL func(*http.Request) string
|
||||
next http.Handler
|
||||
regex *regexp.Regexp
|
||||
replacement string
|
||||
permanent bool
|
||||
errHandler utils.ErrorHandler
|
||||
name string
|
||||
rawURL func(*http.Request) string
|
||||
}
|
||||
|
||||
// New creates a Redirect middleware.
|
||||
func newRedirect(next http.Handler, regex, replacement string, permanent bool, forcePermanentRedirect bool, rawURL func(*http.Request) string, name string) (http.Handler, error) {
|
||||
func newRedirect(next http.Handler, regex, replacement string, permanent bool, rawURL func(*http.Request) string, name string) (http.Handler, error) {
|
||||
re, err := regexp.Compile(regex)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &redirect{
|
||||
regex: re,
|
||||
replacement: replacement,
|
||||
permanent: permanent,
|
||||
forcePermanentRedirect: forcePermanentRedirect,
|
||||
errHandler: utils.DefaultHandler,
|
||||
next: next,
|
||||
name: name,
|
||||
rawURL: rawURL,
|
||||
regex: re,
|
||||
replacement: replacement,
|
||||
permanent: permanent,
|
||||
errHandler: utils.DefaultHandler,
|
||||
next: next,
|
||||
name: name,
|
||||
rawURL: rawURL,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -71,7 +69,7 @@ func (r *redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
if newURL != oldURL {
|
||||
handler := &moveHandler{location: parsedURL, permanent: r.permanent, forcePermanentRedirect: r.forcePermanentRedirect}
|
||||
handler := &moveHandler{location: parsedURL, permanent: r.permanent}
|
||||
handler.ServeHTTP(rw, req)
|
||||
return
|
||||
}
|
||||
@@ -84,9 +82,8 @@ func (r *redirect) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
type moveHandler struct {
|
||||
location *url.URL
|
||||
permanent bool
|
||||
forcePermanentRedirect bool
|
||||
location *url.URL
|
||||
permanent bool
|
||||
}
|
||||
|
||||
func (m *moveHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
@@ -103,11 +100,6 @@ func (m *moveHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
||||
status = http.StatusPermanentRedirect
|
||||
}
|
||||
}
|
||||
|
||||
if m.forcePermanentRedirect {
|
||||
status = http.StatusPermanentRedirect
|
||||
}
|
||||
|
||||
rw.WriteHeader(status)
|
||||
_, err := rw.Write([]byte(http.StatusText(status)))
|
||||
if err != nil {
|
||||
|
||||
@@ -17,7 +17,7 @@ func NewRedirectRegex(ctx context.Context, next http.Handler, conf dynamic.Redir
|
||||
logger.Debug().Msg("Creating middleware")
|
||||
logger.Debug().Msgf("Setting up redirection from %s to %s", conf.Regex, conf.Replacement)
|
||||
|
||||
return newRedirect(next, conf.Regex, conf.Replacement, conf.Permanent, false, rawURL, name)
|
||||
return newRedirect(next, conf.Regex, conf.Replacement, conf.Permanent, rawURL, name)
|
||||
}
|
||||
|
||||
func rawURL(req *http.Request) string {
|
||||
|
||||
@@ -40,7 +40,7 @@ func NewRedirectScheme(ctx context.Context, next http.Handler, conf dynamic.Redi
|
||||
|
||||
rs := &redirectScheme{name: name}
|
||||
|
||||
handler, err := newRedirect(next, uriPattern, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, conf.ForcePermanentRedirect, rs.clientRequestURL, name)
|
||||
handler, err := newRedirect(next, uriPattern, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, rs.clientRequestURL, name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -165,27 +165,6 @@ func TestRedirectSchemeHandler(t *testing.T) {
|
||||
expectedURL: "https://foo:8443",
|
||||
expectedStatus: http.StatusMovedPermanently,
|
||||
},
|
||||
{
|
||||
desc: "HTTP to HTTPS with explicit 308 status code",
|
||||
config: dynamic.RedirectScheme{
|
||||
Scheme: "https",
|
||||
ForcePermanentRedirect: true,
|
||||
},
|
||||
url: "http://foo",
|
||||
expectedURL: "https://foo",
|
||||
expectedStatus: http.StatusPermanentRedirect,
|
||||
},
|
||||
{
|
||||
desc: "HTTP to HTTPS with explicit 308 status code for GET request",
|
||||
method: http.MethodGet,
|
||||
config: dynamic.RedirectScheme{
|
||||
Scheme: "https",
|
||||
ForcePermanentRedirect: true,
|
||||
},
|
||||
url: "http://foo",
|
||||
expectedURL: "https://foo",
|
||||
expectedStatus: http.StatusPermanentRedirect,
|
||||
},
|
||||
{
|
||||
desc: "to HTTP 80",
|
||||
config: dynamic.RedirectScheme{
|
||||
|
||||
@@ -453,7 +453,7 @@ func (p *Provider) loadConfiguration(ctx context.Context) *dynamic.Configuration
|
||||
}
|
||||
|
||||
// TODO: if no service, do not add middlewares and 503.
|
||||
serviceName := provider.Normalize(ingress.Namespace + "-" + ingress.Name + "-" + pa.Backend.Service.Name + "-" + portString)
|
||||
serviceName := provider.Normalize(ingress.Namespace + "-" + pa.Backend.Service.Name + "-" + portString)
|
||||
|
||||
service, err := p.buildService(ingress.Namespace, pa.Backend, ingressConfig)
|
||||
if err != nil {
|
||||
@@ -509,7 +509,7 @@ func (p *Provider) buildServersTransport(namespace, name string, cfg ingressConf
|
||||
Name: provider.Normalize(namespace + "-" + name),
|
||||
ServersTransport: &dynamic.ServersTransport{
|
||||
ServerName: ptr.Deref(cfg.ProxySSLName, ptr.Deref(cfg.ProxySSLServerName, "")),
|
||||
InsecureSkipVerify: strings.ToLower(ptr.Deref(cfg.ProxySSLVerify, "off")) == "off",
|
||||
InsecureSkipVerify: strings.ToLower(ptr.Deref(cfg.ProxySSLVerify, "off")) == "on",
|
||||
},
|
||||
}
|
||||
|
||||
@@ -968,8 +968,8 @@ func applySSLRedirectConfiguration(routerName string, ingressConfig ingressConfi
|
||||
redirectMiddlewareName := routerName + "-redirect-scheme"
|
||||
conf.HTTP.Middlewares[redirectMiddlewareName] = &dynamic.Middleware{
|
||||
RedirectScheme: &dynamic.RedirectScheme{
|
||||
Scheme: "https",
|
||||
ForcePermanentRedirect: true,
|
||||
Scheme: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
}
|
||||
redirectRouter.Middlewares = append(redirectRouter.Middlewares, redirectMiddlewareName)
|
||||
|
||||
@@ -64,7 +64,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
Rule: "Host(`whoami.localhost`) && Path(`/basicauth`)",
|
||||
RuleSyntax: "default",
|
||||
Middlewares: []string{"default-ingress-with-basicauth-rule-0-path-0-basic-auth"},
|
||||
Service: "default-ingress-with-basicauth-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{
|
||||
@@ -78,7 +78,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-basicauth-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -119,7 +119,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
Rule: "Host(`whoami.localhost`) && Path(`/forwardauth`)",
|
||||
RuleSyntax: "default",
|
||||
Middlewares: []string{"default-ingress-with-forwardauth-rule-0-path-0-forward-auth"},
|
||||
Service: "default-ingress-with-forwardauth-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{
|
||||
@@ -131,7 +131,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-forwardauth-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -173,7 +173,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
Rule: "Host(`sslredirect.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
TLS: &dynamic.RouterTLSConfig{},
|
||||
Service: "default-ingress-with-ssl-redirect-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
"default-ingress-with-ssl-redirect-rule-0-path-0-redirect": {
|
||||
Rule: "Host(`sslredirect.localhost`) && Path(`/`)",
|
||||
@@ -184,18 +184,18 @@ func TestLoadIngresses(t *testing.T) {
|
||||
"default-ingress-without-ssl-redirect-rule-0-path-0-http": {
|
||||
Rule: "Host(`withoutsslredirect.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Service: "default-ingress-without-ssl-redirect-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
"default-ingress-without-ssl-redirect-rule-0-path-0": {
|
||||
Rule: "Host(`withoutsslredirect.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
TLS: &dynamic.RouterTLSConfig{},
|
||||
Service: "default-ingress-without-ssl-redirect-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
"default-ingress-with-force-ssl-redirect-rule-0-path-0": {
|
||||
Rule: "Host(`forcesslredirect.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Service: "default-ingress-with-force-ssl-redirect-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
"default-ingress-with-force-ssl-redirect-rule-0-path-0-redirect": {
|
||||
Rule: "Host(`forcesslredirect.localhost`) && Path(`/`)",
|
||||
@@ -207,53 +207,19 @@ func TestLoadIngresses(t *testing.T) {
|
||||
Middlewares: map[string]*dynamic.Middleware{
|
||||
"default-ingress-with-ssl-redirect-rule-0-path-0-redirect-scheme": {
|
||||
RedirectScheme: &dynamic.RedirectScheme{
|
||||
Scheme: "https",
|
||||
ForcePermanentRedirect: true,
|
||||
Scheme: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
"default-ingress-with-force-ssl-redirect-rule-0-path-0-redirect-scheme": {
|
||||
RedirectScheme: &dynamic.RedirectScheme{
|
||||
Scheme: "https",
|
||||
ForcePermanentRedirect: true,
|
||||
Scheme: "https",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-ssl-redirect-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
Strategy: "wrr",
|
||||
PassHostHeader: ptr.To(true),
|
||||
ResponseForwarding: &dynamic.ResponseForwarding{
|
||||
FlushInterval: dynamic.DefaultFlushInterval,
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-ingress-without-ssl-redirect-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
URL: "http://10.10.0.1:80",
|
||||
},
|
||||
{
|
||||
URL: "http://10.10.0.2:80",
|
||||
},
|
||||
},
|
||||
Strategy: "wrr",
|
||||
PassHostHeader: ptr.To(true),
|
||||
ResponseForwarding: &dynamic.ResponseForwarding{
|
||||
FlushInterval: dynamic.DefaultFlushInterval,
|
||||
},
|
||||
},
|
||||
},
|
||||
"default-ingress-with-force-ssl-redirect-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -347,12 +313,12 @@ func TestLoadIngresses(t *testing.T) {
|
||||
"default-ingress-with-sticky-rule-0-path-0": {
|
||||
Rule: "Host(`sticky.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Service: "default-ingress-with-sticky-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-sticky-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -404,12 +370,12 @@ func TestLoadIngresses(t *testing.T) {
|
||||
"default-ingress-with-proxy-ssl-rule-0-path-0": {
|
||||
Rule: "Host(`proxy-ssl.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Service: "default-ingress-with-proxy-ssl-whoami-tls-443",
|
||||
Service: "default-whoami-tls-443",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-proxy-ssl-whoami-tls-443": {
|
||||
"default-whoami-tls-443": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -431,7 +397,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
ServersTransports: map[string]*dynamic.ServersTransport{
|
||||
"default-ingress-with-proxy-ssl": {
|
||||
ServerName: "whoami.localhost",
|
||||
InsecureSkipVerify: false,
|
||||
InsecureSkipVerify: true,
|
||||
RootCAs: []types.FileOrContent{"-----BEGIN CERTIFICATE-----"},
|
||||
},
|
||||
},
|
||||
@@ -457,7 +423,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
Rule: "Host(`cors.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Middlewares: []string{"default-ingress-with-cors-rule-0-path-0-cors"},
|
||||
Service: "default-ingress-with-cors-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{
|
||||
@@ -473,7 +439,7 @@ func TestLoadIngresses(t *testing.T) {
|
||||
},
|
||||
},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-cors-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
@@ -513,12 +479,12 @@ func TestLoadIngresses(t *testing.T) {
|
||||
"default-ingress-with-service-upstream-rule-0-path-0": {
|
||||
Rule: "Host(`service-upstream.localhost`) && Path(`/`)",
|
||||
RuleSyntax: "default",
|
||||
Service: "default-ingress-with-service-upstream-whoami-80",
|
||||
Service: "default-whoami-80",
|
||||
},
|
||||
},
|
||||
Middlewares: map[string]*dynamic.Middleware{},
|
||||
Services: map[string]*dynamic.Service{
|
||||
"default-ingress-with-service-upstream-whoami-80": {
|
||||
"default-whoami-80": {
|
||||
LoadBalancer: &dynamic.ServersLoadBalancer{
|
||||
Servers: []dynamic.Server{
|
||||
{
|
||||
|
||||
@@ -82,8 +82,7 @@
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"encodedCharacters": {}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
@@ -685,8 +685,6 @@ func newHTTPServer(ctx context.Context, ln net.Listener, configuration *static.E
|
||||
|
||||
handler = denyFragment(handler)
|
||||
|
||||
handler = denyEncodedCharacters(configuration.HTTP.EncodedCharacters.Map(), handler)
|
||||
|
||||
serverHTTP := &http.Server{
|
||||
Protocols: &protocols,
|
||||
Handler: handler,
|
||||
@@ -789,37 +787,6 @@ func encodeQuerySemicolons(h http.Handler) http.Handler {
|
||||
})
|
||||
}
|
||||
|
||||
// denyEncodedCharacters reject the request if the escaped path contains encoded characters.
|
||||
func denyEncodedCharacters(encodedCharacters map[string]struct{}, h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
escapedPath := req.URL.EscapedPath()
|
||||
|
||||
for i := 0; i < len(escapedPath); i++ {
|
||||
if escapedPath[i] != '%' {
|
||||
continue
|
||||
}
|
||||
|
||||
// This should never happen as the standard library will reject requests containing invalid percent-encodings.
|
||||
// This discards URLs with a percent character at the end.
|
||||
if i+2 >= len(escapedPath) {
|
||||
rw.WriteHeader(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// This rejects a request with a path containing the given encoded characters.
|
||||
if _, exists := encodedCharacters[escapedPath[i:i+3]]; exists {
|
||||
log.Debug().Msgf("Rejecting request because it contains encoded character %s in the URL path: %s", escapedPath[i:i+3], escapedPath)
|
||||
rw.WriteHeader(http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
i += 2
|
||||
}
|
||||
|
||||
h.ServeHTTP(rw, req)
|
||||
})
|
||||
}
|
||||
|
||||
// When go receives an HTTP request, it assumes the absence of fragment URL.
|
||||
// However, it is still possible to send a fragment in the request.
|
||||
// In this case, Traefik will encode the '#' character, altering the request's intended meaning.
|
||||
|
||||
@@ -428,59 +428,6 @@ func TestSanitizePath(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestDenyEncodedCharacters(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
encoded map[string]struct{}
|
||||
url string
|
||||
wantStatus int
|
||||
}{
|
||||
{
|
||||
name: "Rejects disallowed characters",
|
||||
encoded: map[string]struct{}{
|
||||
"%0A": {},
|
||||
"%0D": {},
|
||||
},
|
||||
url: "http://example.com/foo%0Abar",
|
||||
wantStatus: http.StatusBadRequest,
|
||||
},
|
||||
{
|
||||
name: "Allows valid paths",
|
||||
encoded: map[string]struct{}{
|
||||
"%0A": {},
|
||||
"%0D": {},
|
||||
},
|
||||
url: "http://example.com/foo%20bar",
|
||||
wantStatus: http.StatusOK,
|
||||
},
|
||||
{
|
||||
name: "Handles empty path",
|
||||
encoded: map[string]struct{}{
|
||||
"%0A": {},
|
||||
},
|
||||
url: "http://example.com/",
|
||||
wantStatus: http.StatusOK,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
handler := denyEncodedCharacters(test.encoded, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}))
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, test.url, nil)
|
||||
res := httptest.NewRecorder()
|
||||
|
||||
handler.ServeHTTP(res, req)
|
||||
|
||||
assert.Equal(t, test.wantStatus, res.Code)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestNormalizePath(t *testing.T) {
|
||||
unreservedDecoded := "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
|
||||
unreserved := []string{
|
||||
@@ -578,10 +525,6 @@ func TestPathOperations(t *testing.T) {
|
||||
configuration := &static.EntryPoint{}
|
||||
configuration.SetDefaults()
|
||||
|
||||
// We need to allow some of the suspicious encoded characters to test the path operations in case they are authorized.
|
||||
configuration.HTTP.EncodedCharacters.AllowEncodedSlash = true
|
||||
configuration.HTTP.EncodedCharacters.AllowEncodedPercent = true
|
||||
|
||||
// Create the HTTP server using newHTTPServer.
|
||||
server, err := newHTTPServer(t.Context(), ln, configuration, false, requestdecorator.New(nil))
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -4,14 +4,14 @@ RepositoryName = "traefik"
|
||||
OutputType = "file"
|
||||
FileName = "traefik_changelog.md"
|
||||
|
||||
# example new bugfix v3.6.3
|
||||
# example new bugfix v3.6.2
|
||||
CurrentRef = "v3.6"
|
||||
PreviousRef = "v3.6.2"
|
||||
PreviousRef = "v3.6.1"
|
||||
BaseBranch = "v3.6"
|
||||
FutureCurrentRefName = "v3.6.3"
|
||||
FutureCurrentRefName = "v3.6.2"
|
||||
|
||||
ThresholdPreviousRef = 10000
|
||||
ThresholdCurrentRef = 10000
|
||||
ThresholdPreviousRef = 10
|
||||
ThresholdCurrentRef = 10
|
||||
|
||||
Debug = true
|
||||
DisplayLabel = true
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { AriaTr, VariantProps, styled } from '@traefiklabs/faency'
|
||||
import { ComponentProps, forwardRef, ReactNode } from 'react'
|
||||
import { useHref } from 'react-router-dom'
|
||||
|
||||
import { useHrefWithReturnTo } from 'hooks/use-href-with-return-to'
|
||||
|
||||
const UnstyledLink = styled('a', {
|
||||
color: 'inherit',
|
||||
@@ -18,7 +19,7 @@ type ClickableRowProps = ComponentProps<typeof AriaTr> &
|
||||
}
|
||||
|
||||
export default forwardRef<HTMLTableRowElement | null, ClickableRowProps>(({ children, css, to, ...props }, ref) => {
|
||||
const href = useHref(to)
|
||||
const href = useHrefWithReturnTo(to)
|
||||
|
||||
return (
|
||||
<AriaTr asChild interactive ref={ref} css={css} {...props}>
|
||||
|
||||
@@ -7,6 +7,7 @@ import { StatusWrapper } from './ResourceStatus'
|
||||
import { colorByStatus } from './Status'
|
||||
|
||||
import Tooltip from 'components/Tooltip'
|
||||
import { useGetUrlWithReturnTo } from 'hooks/use-href-with-return-to'
|
||||
|
||||
const CustomHeading = styled(H2, {
|
||||
display: 'flex',
|
||||
@@ -125,9 +126,25 @@ const CardSkeleton = ({ bigDescription }: { bigDescription?: boolean }) => {
|
||||
)
|
||||
}
|
||||
|
||||
export const CardListSection = ({ icon, title, cards, isLast, bigDescription }: SectionType) => {
|
||||
const CardItem = ({ card }) => {
|
||||
const navigate = useNavigate()
|
||||
const href = useGetUrlWithReturnTo(card.link)
|
||||
|
||||
return (
|
||||
<SpacedCard key={card.description} css={{ border: card.focus ? `2px solid $primary` : '', p: '$3' }}>
|
||||
<FlexLink
|
||||
data-testid={card.link}
|
||||
onClick={(): false | void => !!card.link && navigate(href)}
|
||||
css={{ cursor: card.link ? 'pointer' : 'inherit' }}
|
||||
>
|
||||
<ItemTitle>{card.title}</ItemTitle>
|
||||
<CardDescription>{card.description}</CardDescription>
|
||||
</FlexLink>
|
||||
</SpacedCard>
|
||||
)
|
||||
}
|
||||
|
||||
export const CardListSection = ({ icon, title, cards, isLast, bigDescription }: SectionType) => {
|
||||
return (
|
||||
<Flex css={{ flexDirection: 'column', flexGrow: 1 }}>
|
||||
<SectionHeader icon={icon} title={title} />
|
||||
@@ -135,20 +152,7 @@ export const CardListSection = ({ icon, title, cards, isLast, bigDescription }:
|
||||
<CardListColumn>
|
||||
<Flex css={{ flexDirection: 'column', flexGrow: 1, marginRight: '$3' }}>
|
||||
{!cards && <CardSkeleton bigDescription={bigDescription} />}
|
||||
{cards
|
||||
?.filter((c) => !!c.description)
|
||||
.map((card) => (
|
||||
<SpacedCard key={card.description} css={{ border: card.focus ? `2px solid $primary` : '', p: '$3' }}>
|
||||
<FlexLink
|
||||
data-testid={card.link}
|
||||
onClick={(): false | void => !!card.link && navigate(card.link)}
|
||||
css={{ cursor: card.link ? 'pointer' : 'inherit' }}
|
||||
>
|
||||
<ItemTitle>{card.title}</ItemTitle>
|
||||
<CardDescription>{card.description}</CardDescription>
|
||||
</FlexLink>
|
||||
</SpacedCard>
|
||||
))}
|
||||
{cards?.filter((c) => !!c.description).map((card, idx) => <CardItem key={`card-${idx}`} card={card} />)}
|
||||
<Box css={{ height: '16px' }}> </Box>
|
||||
</Flex>
|
||||
</CardListColumn>
|
||||
|
||||
238
webui/src/hooks/use-href-with-return-to.spec.tsx
Normal file
238
webui/src/hooks/use-href-with-return-to.spec.tsx
Normal file
@@ -0,0 +1,238 @@
|
||||
import { renderHook } from '@testing-library/react'
|
||||
import { MemoryRouter } from 'react-router-dom'
|
||||
|
||||
import { useGetUrlWithReturnTo, useHrefWithReturnTo, useRouterReturnTo } from './use-href-with-return-to'
|
||||
|
||||
describe('useGetUrlWithReturnTo', () => {
|
||||
const createWrapper = (initialPath = '/') => {
|
||||
return ({ children }) => <MemoryRouter initialEntries={[initialPath]}>{children}</MemoryRouter>
|
||||
}
|
||||
|
||||
it('should append current path as returnTo query param', () => {
|
||||
const { result } = renderHook(() => useGetUrlWithReturnTo('/target'), {
|
||||
wrapper: createWrapper('/current/path'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcurrent%2Fpath')
|
||||
})
|
||||
|
||||
it('should append current path with search params as returnTo', () => {
|
||||
const { result } = renderHook(() => useGetUrlWithReturnTo('/target'), {
|
||||
wrapper: createWrapper('/current/path?foo=bar'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcurrent%2Fpath%3Ffoo%3Dbar')
|
||||
})
|
||||
|
||||
it('should use initialReturnTo when provided', () => {
|
||||
const { result } = renderHook(() => useGetUrlWithReturnTo('/target', '/custom/return'), {
|
||||
wrapper: createWrapper('/current/path'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcustom%2Freturn')
|
||||
})
|
||||
|
||||
it('should return the href as-is when href is empty string', () => {
|
||||
const { result } = renderHook(() => useGetUrlWithReturnTo(''), {
|
||||
wrapper: createWrapper('/current/path'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('')
|
||||
})
|
||||
|
||||
it('should handle href with existing query params', () => {
|
||||
const { result } = renderHook(() => useGetUrlWithReturnTo('/target?existing=param'), {
|
||||
wrapper: createWrapper('/current/path'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?existing=param&returnTo=%2Fcurrent%2Fpath')
|
||||
})
|
||||
})
|
||||
|
||||
describe('useHrefWithReturnTo', () => {
|
||||
const createWrapper = (initialPath = '/') => {
|
||||
return ({ children }) => <MemoryRouter initialEntries={[initialPath]}>{children}</MemoryRouter>
|
||||
}
|
||||
|
||||
it('should return resolved href with returnTo param containing current path', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/target'), {
|
||||
wrapper: createWrapper('/current'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcurrent')
|
||||
})
|
||||
|
||||
it('should include current search params in returnTo', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/target'), {
|
||||
wrapper: createWrapper('/current?foo=bar&baz=qux'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcurrent%3Ffoo%3Dbar%26baz%3Dqux')
|
||||
})
|
||||
|
||||
it('should use custom returnTo when provided instead of current path', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/target', '/custom/return'), {
|
||||
wrapper: createWrapper('/current'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fcustom%2Freturn')
|
||||
})
|
||||
|
||||
it('should handle absolute paths correctly', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/http/routers'), {
|
||||
wrapper: createWrapper('/tcp/services'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/http/routers?returnTo=%2Ftcp%2Fservices')
|
||||
})
|
||||
|
||||
it('should preserve existing query params in target href', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/target?existing=param'), {
|
||||
wrapper: createWrapper('/current'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?existing=param&returnTo=%2Fcurrent')
|
||||
})
|
||||
|
||||
it('should return root path when href is empty', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo(''), {
|
||||
wrapper: createWrapper('/current'),
|
||||
})
|
||||
|
||||
// useHref converts empty string to root path
|
||||
expect(result.current).toBe('/')
|
||||
})
|
||||
|
||||
it('should handle complex nested paths in returnTo', () => {
|
||||
const { result } = renderHook(() => useHrefWithReturnTo('/target'), {
|
||||
wrapper: createWrapper('/http/routers/my-router-123'),
|
||||
})
|
||||
|
||||
expect(result.current).toBe('/target?returnTo=%2Fhttp%2Frouters%2Fmy-router-123')
|
||||
})
|
||||
})
|
||||
|
||||
describe('useRouterReturnTo', () => {
|
||||
const createWrapper = (initialPath = '/') => {
|
||||
return ({ children }) => <MemoryRouter initialEntries={[initialPath]}>{children}</MemoryRouter>
|
||||
}
|
||||
|
||||
it('should return null when no returnTo query param exists', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current'),
|
||||
})
|
||||
|
||||
expect(result.current.returnTo).toBeNull()
|
||||
expect(result.current.returnToLabel).toBeNull()
|
||||
})
|
||||
|
||||
it('should extract returnTo from query params', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers'),
|
||||
})
|
||||
|
||||
expect(result.current.returnTo).toBe('/http/routers')
|
||||
})
|
||||
|
||||
it('should generate correct label for HTTP routers (plural)', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('HTTP routers')
|
||||
})
|
||||
|
||||
it('should generate correct label for HTTP router (singular)', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers/router-1'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('HTTP router')
|
||||
})
|
||||
|
||||
it('should generate fallback label for unknown routes (plural)', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/custom/resources'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('Custom resources')
|
||||
})
|
||||
|
||||
it('should handle malformed returnTo paths gracefully', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/'),
|
||||
})
|
||||
|
||||
expect(result.current.returnTo).toBe('/')
|
||||
expect(result.current.returnToLabel).toBe('Back')
|
||||
})
|
||||
|
||||
it('should handle returnTo with query params', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers?filter=test'),
|
||||
})
|
||||
|
||||
expect(result.current.returnTo).toContain('/http/routers')
|
||||
expect(result.current.returnToLabel).toBe('HTTP routers')
|
||||
})
|
||||
|
||||
it('should strip query params from path when generating label', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers?filter=test&status=active'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('HTTP routers')
|
||||
expect(result.current.returnToLabel).not.toContain('filter')
|
||||
expect(result.current.returnToLabel).not.toContain('status')
|
||||
})
|
||||
|
||||
it('should strip query params from subpath when generating label', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/tcp/services?page=2'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('TCP services')
|
||||
})
|
||||
|
||||
it('should handle query params with multiple question marks gracefully', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/routers?filter=test?extra=param'),
|
||||
})
|
||||
|
||||
// Should handle edge case with multiple question marks (invalid URL but should not crash)
|
||||
expect(result.current.returnToLabel).toBe('HTTP routers')
|
||||
})
|
||||
|
||||
it('should handle path with query params but no subpath', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http?foo=bar'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('Http')
|
||||
})
|
||||
|
||||
it('should handle empty query string (path ending with ?)', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/tcp/middlewares?'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('TCP middlewares')
|
||||
})
|
||||
|
||||
it('should handle complex query strings with special characters', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/http/services?filter=%40test%23special'),
|
||||
})
|
||||
|
||||
expect(result.current.returnToLabel).toBe('HTTP services')
|
||||
})
|
||||
|
||||
it('should capitalize first letter of label override', () => {
|
||||
const { result } = renderHook(() => useRouterReturnTo(), {
|
||||
wrapper: createWrapper('/current?returnTo=/resource/routers/router-1'),
|
||||
})
|
||||
|
||||
// Verify the label starts with uppercase
|
||||
expect(result.current.returnToLabel?.charAt(0)).toBe('R')
|
||||
})
|
||||
})
|
||||
119
webui/src/hooks/use-href-with-return-to.ts
Normal file
119
webui/src/hooks/use-href-with-return-to.ts
Normal file
@@ -0,0 +1,119 @@
|
||||
import qs from 'query-string'
|
||||
import { useMemo } from 'react'
|
||||
import { useHref, useLocation, useSearchParams } from 'react-router-dom'
|
||||
|
||||
import { capitalizeFirstLetter } from '../utils/string'
|
||||
|
||||
type UseGetUrlWithReturnTo = (href: string, initialReturnTo?: string) => string
|
||||
|
||||
export const useGetUrlWithReturnTo: UseGetUrlWithReturnTo = (href, initialReturnTo) => {
|
||||
const location = useLocation()
|
||||
const currentPath = location.pathname + location.search
|
||||
|
||||
const url = useMemo(() => {
|
||||
if (href) {
|
||||
return qs.stringifyUrl({ url: href, query: { returnTo: initialReturnTo ?? currentPath } })
|
||||
}
|
||||
return href
|
||||
}, [currentPath, href, initialReturnTo])
|
||||
|
||||
return url
|
||||
}
|
||||
|
||||
export const useHrefWithReturnTo = (href: string, returnTo?: string): string => {
|
||||
const urlWithReturnTo = useGetUrlWithReturnTo(href, returnTo)
|
||||
|
||||
return useHref(urlWithReturnTo)
|
||||
}
|
||||
|
||||
const RETURN_TO_LABEL_OVERRIDES_SINGULAR: Record<string, Record<string, string>> = {
|
||||
http: {
|
||||
routers: 'HTTP router',
|
||||
services: 'HTTP service',
|
||||
middlewares: 'HTTP middleware',
|
||||
},
|
||||
tcp: {
|
||||
routers: 'TCP router',
|
||||
services: 'TCP service',
|
||||
middlewares: 'TCP middleware',
|
||||
},
|
||||
udp: {
|
||||
routers: 'UDP router',
|
||||
services: 'TCP service',
|
||||
},
|
||||
}
|
||||
|
||||
const RETURN_TO_LABEL_OVERRIDES_PLURAL: Record<string, Record<string, string>> = {
|
||||
http: {
|
||||
routers: 'HTTP routers',
|
||||
services: 'HTTP services',
|
||||
middlewares: 'HTTP middlewares',
|
||||
},
|
||||
tcp: {
|
||||
routers: 'TCP routers',
|
||||
services: 'TCP services',
|
||||
middlewares: 'TCP middlewares',
|
||||
},
|
||||
udp: {
|
||||
routers: 'UDP routers',
|
||||
services: 'TCP services',
|
||||
},
|
||||
}
|
||||
|
||||
type UseRouterReturnTo = (initialReturnTo?: string) => {
|
||||
returnTo: string | null
|
||||
returnToLabel: string | null
|
||||
}
|
||||
|
||||
const getCleanPath = (path: string) => {
|
||||
if (!path) return ''
|
||||
return path.split('?')[0]
|
||||
}
|
||||
|
||||
export const useRouterReturnTo: UseRouterReturnTo = () => {
|
||||
const [searchParams] = useSearchParams()
|
||||
|
||||
const returnTo = useMemo(() => {
|
||||
const queryReturnTo = searchParams.get('returnTo')
|
||||
return queryReturnTo || null
|
||||
}, [searchParams])
|
||||
|
||||
const returnToHref = useHref(returnTo || '')
|
||||
|
||||
const returnToLabel = useMemo(() => {
|
||||
if (!returnTo) {
|
||||
return null
|
||||
}
|
||||
|
||||
const returnToArr = returnTo.split('/')
|
||||
|
||||
const [, path, subpath, id] = returnToArr
|
||||
|
||||
// Strip query params from path, if any
|
||||
const cleanPath = getCleanPath(path)
|
||||
const cleanSubpath = getCleanPath(subpath)
|
||||
|
||||
// Malformed returnTo (e.g., just '/' or empty path)
|
||||
if (!cleanPath) {
|
||||
return 'Back'
|
||||
}
|
||||
|
||||
const fallbackLabel = `${capitalizeFirstLetter(cleanPath)}${cleanSubpath ? ` ${cleanSubpath}` : ''}`
|
||||
|
||||
const labelArray = id ? RETURN_TO_LABEL_OVERRIDES_SINGULAR : RETURN_TO_LABEL_OVERRIDES_PLURAL
|
||||
|
||||
const labelOverride =
|
||||
labelArray[cleanPath]?.[cleanSubpath] ??
|
||||
(typeof labelArray[cleanPath] === 'string' ? labelArray[cleanPath] : fallbackLabel)
|
||||
|
||||
return capitalizeFirstLetter(labelOverride)
|
||||
}, [returnTo])
|
||||
|
||||
return useMemo(
|
||||
() => ({
|
||||
returnTo: returnTo ? returnToHref : null,
|
||||
returnToLabel,
|
||||
}),
|
||||
[returnTo, returnToHref, returnToLabel],
|
||||
)
|
||||
}
|
||||
@@ -1,96 +0,0 @@
|
||||
import { waitFor } from '@testing-library/react'
|
||||
|
||||
import { SideNav, TopNav } from './Navigation'
|
||||
|
||||
import useHubUpgradeButton from 'hooks/use-hub-upgrade-button'
|
||||
import { renderWithProviders } from 'utils/test'
|
||||
|
||||
vi.mock('hooks/use-hub-upgrade-button')
|
||||
|
||||
const mockUseHubUpgradeButton = vi.mocked(useHubUpgradeButton)
|
||||
|
||||
describe('Navigation', () => {
|
||||
beforeEach(() => {
|
||||
mockUseHubUpgradeButton.mockReturnValue({
|
||||
signatureVerified: false,
|
||||
scriptBlobUrl: null,
|
||||
isCustomElementDefined: false,
|
||||
})
|
||||
})
|
||||
|
||||
afterEach(() => {
|
||||
vi.clearAllMocks()
|
||||
})
|
||||
|
||||
it('should render the side navigation bar', async () => {
|
||||
const { container } = renderWithProviders(<SideNav isExpanded={false} onSidePanelToggle={() => {}} />)
|
||||
|
||||
expect(container.innerHTML).toContain('HTTP')
|
||||
expect(container.innerHTML).toContain('TCP')
|
||||
expect(container.innerHTML).toContain('UDP')
|
||||
expect(container.innerHTML).toContain('Plugins')
|
||||
})
|
||||
|
||||
it('should render the top navigation bar', async () => {
|
||||
const { container } = renderWithProviders(<TopNav />)
|
||||
|
||||
expect(container.innerHTML).toContain('theme-switcher')
|
||||
expect(container.innerHTML).toContain('help-menu')
|
||||
})
|
||||
|
||||
describe('hub-button-app rendering', () => {
|
||||
it('should NOT render hub-button-app when signatureVerified is false', async () => {
|
||||
mockUseHubUpgradeButton.mockReturnValue({
|
||||
signatureVerified: false,
|
||||
scriptBlobUrl: null,
|
||||
isCustomElementDefined: false,
|
||||
})
|
||||
|
||||
const { container } = renderWithProviders(<TopNav />)
|
||||
|
||||
const hubButtonApp = container.querySelector('hub-button-app')
|
||||
expect(hubButtonApp).toBeNull()
|
||||
})
|
||||
|
||||
it('should NOT render hub-button-app when scriptBlobUrl is null', async () => {
|
||||
mockUseHubUpgradeButton.mockReturnValue({
|
||||
signatureVerified: true,
|
||||
scriptBlobUrl: null,
|
||||
isCustomElementDefined: false,
|
||||
})
|
||||
|
||||
const { container } = renderWithProviders(<TopNav />)
|
||||
|
||||
const hubButtonApp = container.querySelector('hub-button-app')
|
||||
expect(hubButtonApp).toBeNull()
|
||||
})
|
||||
|
||||
it('should render hub-button-app when signatureVerified is true and scriptBlobUrl exists', async () => {
|
||||
mockUseHubUpgradeButton.mockReturnValue({
|
||||
signatureVerified: true,
|
||||
scriptBlobUrl: 'blob:http://localhost:3000/mock-blob-url',
|
||||
isCustomElementDefined: false,
|
||||
})
|
||||
|
||||
const { container } = renderWithProviders(<TopNav />)
|
||||
|
||||
await waitFor(() => {
|
||||
const hubButtonApp = container.querySelector('hub-button-app')
|
||||
expect(hubButtonApp).not.toBeNull()
|
||||
})
|
||||
})
|
||||
|
||||
it('should NOT render hub-button-app when noHubButton prop is true', async () => {
|
||||
mockUseHubUpgradeButton.mockReturnValue({
|
||||
signatureVerified: true,
|
||||
scriptBlobUrl: 'blob:http://localhost:3000/mock-blob-url',
|
||||
isCustomElementDefined: false,
|
||||
})
|
||||
|
||||
const { container } = renderWithProviders(<TopNav noHubButton={true} />)
|
||||
|
||||
const hubButtonApp = container.querySelector('hub-button-app')
|
||||
expect(hubButtonApp).toBeNull()
|
||||
})
|
||||
})
|
||||
})
|
||||
@@ -4,10 +4,10 @@ import { Helmet } from 'react-helmet-async'
|
||||
import { useLocation } from 'react-router-dom'
|
||||
|
||||
import Container from './Container'
|
||||
import { LAPTOP_BP, SideBarPanel, SideNav, TopNav } from './Navigation'
|
||||
|
||||
import { ToastPool } from 'components/ToastPool'
|
||||
import { ToastProvider } from 'contexts/toasts'
|
||||
import { LAPTOP_BP, SideBarPanel, SideNav, TopNav } from 'layout/navigation'
|
||||
|
||||
export const LIGHT_PRIMARY_COLOR = '#217F97'
|
||||
export const DARK_PRIMARY_COLOR = '#2AA2C1'
|
||||
|
||||
21
webui/src/layout/navigation/Navigation.spec.tsx
Normal file
21
webui/src/layout/navigation/Navigation.spec.tsx
Normal file
@@ -0,0 +1,21 @@
|
||||
import { SideNav, TopNav } from '.'
|
||||
|
||||
import { renderWithProviders } from 'utils/test'
|
||||
|
||||
describe('Navigation', () => {
|
||||
it('should render the side navigation bar', async () => {
|
||||
const { container } = renderWithProviders(<SideNav isExpanded onSidePanelToggle={() => {}} />)
|
||||
|
||||
expect(container.innerHTML).toContain('HTTP')
|
||||
expect(container.innerHTML).toContain('TCP')
|
||||
expect(container.innerHTML).toContain('UDP')
|
||||
expect(container.innerHTML).toContain('Plugins')
|
||||
})
|
||||
|
||||
it('should render the top navigation bar', async () => {
|
||||
const { container } = renderWithProviders(<TopNav />)
|
||||
|
||||
expect(container.innerHTML).toContain('theme-switcher')
|
||||
expect(container.innerHTML).toContain('help-menu')
|
||||
})
|
||||
})
|
||||
@@ -1,18 +1,9 @@
|
||||
import {
|
||||
Badge,
|
||||
Box,
|
||||
Button,
|
||||
CSS,
|
||||
DialogTitle,
|
||||
DropdownMenu,
|
||||
DropdownMenuContent,
|
||||
DropdownMenuGroup,
|
||||
DropdownMenuItem,
|
||||
DropdownMenuPortal,
|
||||
DropdownMenuTrigger,
|
||||
elevationVariants,
|
||||
Flex,
|
||||
Link,
|
||||
NavigationLink,
|
||||
SidePanel,
|
||||
styled,
|
||||
@@ -21,30 +12,24 @@ import {
|
||||
VisuallyHidden,
|
||||
} from '@traefiklabs/faency'
|
||||
import { useContext, useEffect, useMemo, useState } from 'react'
|
||||
import { Helmet } from 'react-helmet-async'
|
||||
import { BsChevronDoubleRight, BsChevronDoubleLeft } from 'react-icons/bs'
|
||||
import { FiBookOpen, FiGithub, FiHelpCircle } from 'react-icons/fi'
|
||||
import { matchPath, useHref } from 'react-router'
|
||||
import { useLocation } from 'react-router-dom'
|
||||
import { useWindowSize } from 'usehooks-ts'
|
||||
|
||||
import Container from './Container'
|
||||
import { DARK_PRIMARY_COLOR, LIGHT_PRIMARY_COLOR } from './Page'
|
||||
import Container from '../Container'
|
||||
|
||||
import { LAPTOP_BP } from '.'
|
||||
|
||||
import IconButton from 'components/buttons/IconButton'
|
||||
import Logo from 'components/icons/Logo'
|
||||
import { PluginsIcon } from 'components/icons/PluginsIcon'
|
||||
import ThemeSwitcher from 'components/ThemeSwitcher'
|
||||
import TooltipText from 'components/TooltipText'
|
||||
import { VersionContext } from 'contexts/version'
|
||||
import useHubUpgradeButton from 'hooks/use-hub-upgrade-button'
|
||||
import useTotals from 'hooks/use-overview-totals'
|
||||
import { useIsDarkMode } from 'hooks/use-theme'
|
||||
import ApimDemoNavMenu from 'pages/hub-demo/HubDemoNav'
|
||||
import { Route, ROUTES } from 'routes'
|
||||
|
||||
export const LAPTOP_BP = 1025
|
||||
|
||||
const NavigationDrawer = styled(Flex, {
|
||||
width: '100%',
|
||||
maxWidth: '100%',
|
||||
@@ -63,11 +48,13 @@ export const BasicNavigationItem = ({
|
||||
count,
|
||||
isSmallScreen,
|
||||
isExpanded,
|
||||
onSidePanelToggle,
|
||||
}: {
|
||||
route: Route
|
||||
count?: number
|
||||
isSmallScreen: boolean
|
||||
isExpanded: boolean
|
||||
onSidePanelToggle: (isOpen: boolean) => void
|
||||
}) => {
|
||||
const { pathname } = useLocation()
|
||||
const href = useHref(route.path)
|
||||
@@ -93,7 +80,13 @@ export const BasicNavigationItem = ({
|
||||
}
|
||||
|
||||
return (
|
||||
<NavigationLink active={isActiveRoute} startAdornment={route?.icon} css={{ whiteSpace: 'nowrap' }} href={href}>
|
||||
<NavigationLink
|
||||
onClick={isSmallScreen ? () => onSidePanelToggle(false) : undefined}
|
||||
active={isActiveRoute}
|
||||
startAdornment={route?.icon}
|
||||
css={{ whiteSpace: 'nowrap' }}
|
||||
href={href}
|
||||
>
|
||||
{route.label}
|
||||
{!!count && (
|
||||
<Badge variant={isActiveRoute ? 'green' : undefined} css={{ ml: '$2' }}>
|
||||
@@ -115,7 +108,7 @@ export const SideBarPanel = ({
|
||||
|
||||
return (
|
||||
<SidePanel
|
||||
open={isOpen && windowSize.width < LAPTOP_BP}
|
||||
open={isOpen && windowSize.width <= LAPTOP_BP}
|
||||
onOpenChange={onOpenChange}
|
||||
side="left"
|
||||
css={{ width: 264, p: 0 }}
|
||||
@@ -147,8 +140,10 @@ export const SideNav = ({
|
||||
const [isSmallScreen, setIsSmallScreen] = useState(false)
|
||||
|
||||
useEffect(() => {
|
||||
setIsSmallScreen(isResponsive && windowSize.width < LAPTOP_BP)
|
||||
}, [isExpanded, isResponsive, windowSize.width])
|
||||
setIsSmallScreen(windowSize.width <= LAPTOP_BP)
|
||||
}, [isExpanded, windowSize.width])
|
||||
|
||||
const isSmallAndResponsive = useMemo(() => isSmallScreen && isResponsive, [isResponsive, isSmallScreen])
|
||||
|
||||
const totalValueByPath = useMemo<{ [key: string]: number }>(
|
||||
() => ({
|
||||
@@ -166,7 +161,7 @@ export const SideNav = ({
|
||||
|
||||
return (
|
||||
<NavigationDrawer
|
||||
data-collapsed={isExpanded && isResponsive && isSmallScreen}
|
||||
data-collapsed={isExpanded && isSmallAndResponsive}
|
||||
css={{
|
||||
width: 264,
|
||||
height: '100vh',
|
||||
@@ -226,12 +221,11 @@ export const SideNav = ({
|
||||
? { mt: '$4', px: 0, justifyContent: 'center' }
|
||||
: undefined,
|
||||
}}
|
||||
href="https://github.com/traefik/traefik/"
|
||||
target="_blank"
|
||||
href={useHref('/')}
|
||||
data-testid="proxy-main-nav"
|
||||
>
|
||||
<Logo height={isSmallScreen ? 36 : 56} isSmallScreen={isSmallScreen} />
|
||||
{!!version && !isSmallScreen && (
|
||||
<Logo height={isSmallAndResponsive ? 36 : 56} isSmallScreen={isSmallAndResponsive} />
|
||||
{!!version && !isSmallAndResponsive && (
|
||||
<TooltipText text={version} css={{ maxWidth: 50, fontWeight: '$semiBold' }} isTruncated />
|
||||
)}
|
||||
</Flex>
|
||||
@@ -270,6 +264,7 @@ export const SideNav = ({
|
||||
count={totalValueByPath[item.path]}
|
||||
isSmallScreen={isSmallScreen}
|
||||
isExpanded={isExpanded}
|
||||
onSidePanelToggle={onSidePanelToggle}
|
||||
/>
|
||||
))}
|
||||
</Flex>
|
||||
@@ -288,94 +283,13 @@ export const SideNav = ({
|
||||
</NavigationLink>
|
||||
</Flex>
|
||||
|
||||
<ApimDemoNavMenu isResponsive={isResponsive} isSmallScreen={isSmallScreen} isExpanded={isExpanded} />
|
||||
<ApimDemoNavMenu
|
||||
isResponsive={isResponsive}
|
||||
isSmallScreen={isSmallScreen}
|
||||
isExpanded={isExpanded}
|
||||
onSidePanelToggle={onSidePanelToggle}
|
||||
/>
|
||||
</Container>
|
||||
</NavigationDrawer>
|
||||
)
|
||||
}
|
||||
|
||||
export const TopNav = ({ css, noHubButton = false }: { css?: CSS; noHubButton?: boolean }) => {
|
||||
const { version } = useContext(VersionContext)
|
||||
const isDarkMode = useIsDarkMode()
|
||||
|
||||
const parsedVersion = useMemo(() => {
|
||||
if (!version) {
|
||||
return 'master'
|
||||
}
|
||||
if (version === 'dev') {
|
||||
return 'master'
|
||||
}
|
||||
const matches = version.match(/^(v?\d+\.\d+)/)
|
||||
return matches ? 'v' + matches[1] : 'master'
|
||||
}, [version])
|
||||
|
||||
const { signatureVerified, scriptBlobUrl, isCustomElementDefined } = useHubUpgradeButton()
|
||||
|
||||
const displayUpgradeToHubButton = useMemo(
|
||||
() => !noHubButton && signatureVerified && (!!scriptBlobUrl || isCustomElementDefined),
|
||||
[isCustomElementDefined, noHubButton, scriptBlobUrl, signatureVerified],
|
||||
)
|
||||
|
||||
return (
|
||||
<>
|
||||
{displayUpgradeToHubButton && (
|
||||
<Helmet>
|
||||
<meta
|
||||
httpEquiv="Content-Security-Policy"
|
||||
content="script-src 'self' blob: 'unsafe-inline'; object-src 'none'; base-uri 'self';"
|
||||
/>
|
||||
<script src={scriptBlobUrl as string} type="module"></script>
|
||||
</Helmet>
|
||||
)}
|
||||
<Flex as="nav" role="navigation" justify="end" align="center" css={{ gap: '$2', mb: '$6', ...css }}>
|
||||
{displayUpgradeToHubButton && (
|
||||
<Box css={{ fontFamily: '$rubik', fontWeight: '500 !important' }}>
|
||||
<hub-button-app
|
||||
key={`dark-mode-${isDarkMode}`}
|
||||
style={{ backgroundColor: isDarkMode ? DARK_PRIMARY_COLOR : LIGHT_PRIMARY_COLOR, fontWeight: 'inherit' }}
|
||||
/>
|
||||
</Box>
|
||||
)}
|
||||
<ThemeSwitcher />
|
||||
|
||||
<DropdownMenu>
|
||||
<DropdownMenuTrigger asChild>
|
||||
<Button ghost variant="secondary" css={{ px: '$2', boxShadow: 'none' }} data-testid="help-menu">
|
||||
<FiHelpCircle size={20} />
|
||||
</Button>
|
||||
</DropdownMenuTrigger>
|
||||
<DropdownMenuPortal>
|
||||
<DropdownMenuContent align="end" css={{ zIndex: 9999 }}>
|
||||
<DropdownMenuGroup>
|
||||
<DropdownMenuItem css={{ height: '$6', cursor: 'pointer' }}>
|
||||
<Link
|
||||
href={`https://doc.traefik.io/traefik/${parsedVersion}`}
|
||||
target="_blank"
|
||||
css={{ textDecoration: 'none', '&:hover': { textDecoration: 'none' } }}
|
||||
>
|
||||
<Flex align="center" gap={2}>
|
||||
<FiBookOpen size={20} />
|
||||
<Text>Documentation</Text>
|
||||
</Flex>
|
||||
</Link>
|
||||
</DropdownMenuItem>
|
||||
<DropdownMenuItem css={{ height: '$6', cursor: 'pointer' }}>
|
||||
<Link
|
||||
href="https://github.com/traefik/traefik/"
|
||||
target="_blank"
|
||||
css={{ textDecoration: 'none', '&:hover': { textDecoration: 'none' } }}
|
||||
>
|
||||
<Flex align="center" gap={2}>
|
||||
<FiGithub size={20} />
|
||||
<Text>Github Repository</Text>
|
||||
</Flex>
|
||||
</Link>
|
||||
</DropdownMenuItem>
|
||||
</DropdownMenuGroup>
|
||||
</DropdownMenuContent>
|
||||
</DropdownMenuPortal>
|
||||
</DropdownMenu>
|
||||
</Flex>
|
||||
</>
|
||||
)
|
||||
}
|
||||
158
webui/src/layout/navigation/TopNavBar.tsx
Normal file
158
webui/src/layout/navigation/TopNavBar.tsx
Normal file
@@ -0,0 +1,158 @@
|
||||
import {
|
||||
Box,
|
||||
Button,
|
||||
CSS,
|
||||
DropdownMenu,
|
||||
DropdownMenuContent,
|
||||
DropdownMenuGroup,
|
||||
DropdownMenuItem,
|
||||
DropdownMenuPortal,
|
||||
DropdownMenuTrigger,
|
||||
Flex,
|
||||
Link,
|
||||
Text,
|
||||
Tooltip,
|
||||
} from '@traefiklabs/faency'
|
||||
import { useContext, useEffect, useMemo, useState } from 'react'
|
||||
import { FiBookOpen, FiChevronLeft, FiGithub, FiHeart, FiHelpCircle } from 'react-icons/fi'
|
||||
import { useLocation } from 'react-router-dom'
|
||||
|
||||
import { DARK_PRIMARY_COLOR, LIGHT_PRIMARY_COLOR } from '../Page'
|
||||
|
||||
import ThemeSwitcher from 'components/ThemeSwitcher'
|
||||
import { VersionContext } from 'contexts/version'
|
||||
import { useRouterReturnTo } from 'hooks/use-href-with-return-to'
|
||||
import { useIsDarkMode } from 'hooks/use-theme'
|
||||
|
||||
const TopNavBarBackLink = () => {
|
||||
const { returnTo, returnToLabel } = useRouterReturnTo()
|
||||
const { pathname } = useLocation()
|
||||
|
||||
if (!returnTo || pathname.includes('hub-dashboard')) return <Box />
|
||||
|
||||
return (
|
||||
<Flex css={{ alignItems: 'center', gap: '$2' }}>
|
||||
<Link href={returnTo}>
|
||||
<Button as="div" ghost variant="secondary" css={{ boxShadow: 'none', p: 0, pr: '$2' }}>
|
||||
<FiChevronLeft style={{ paddingRight: '4px' }} />
|
||||
{returnToLabel || 'Back'}
|
||||
</Button>
|
||||
</Link>
|
||||
</Flex>
|
||||
)
|
||||
}
|
||||
|
||||
export const TopNav = ({ css, noHubButton = false }: { css?: CSS; noHubButton?: boolean }) => {
|
||||
const [hasHubButtonComponent, setHasHubButtonComponent] = useState(false)
|
||||
const { showHubButton, version } = useContext(VersionContext)
|
||||
const isDarkMode = useIsDarkMode()
|
||||
|
||||
const parsedVersion = useMemo(() => {
|
||||
if (!version) {
|
||||
return 'master'
|
||||
}
|
||||
if (version === 'dev') {
|
||||
return 'master'
|
||||
}
|
||||
const matches = version.match(/^(v?\d+\.\d+)/)
|
||||
return matches ? 'v' + matches[1] : 'master'
|
||||
}, [version])
|
||||
|
||||
useEffect(() => {
|
||||
if (!showHubButton) {
|
||||
setHasHubButtonComponent(false)
|
||||
return
|
||||
}
|
||||
|
||||
if (customElements.get('hub-button-app')) {
|
||||
setHasHubButtonComponent(true)
|
||||
return
|
||||
}
|
||||
|
||||
const scripts: HTMLScriptElement[] = []
|
||||
const createScript = (scriptSrc: string): HTMLScriptElement => {
|
||||
const script = document.createElement('script')
|
||||
script.src = scriptSrc
|
||||
script.async = true
|
||||
script.onload = () => {
|
||||
setHasHubButtonComponent(customElements.get('hub-button-app') !== undefined)
|
||||
}
|
||||
scripts.push(script)
|
||||
return script
|
||||
}
|
||||
|
||||
// Source: https://github.com/traefik/traefiklabs-hub-button-app
|
||||
document.head.appendChild(createScript('traefiklabs-hub-button-app/main-v1.js'))
|
||||
|
||||
return () => {
|
||||
// Remove the scripts on unmount.
|
||||
scripts.forEach((script) => {
|
||||
if (script.parentNode) {
|
||||
script.parentNode.removeChild(script)
|
||||
}
|
||||
})
|
||||
}
|
||||
}, [showHubButton])
|
||||
|
||||
return (
|
||||
<Flex as="nav" role="navigation" justify="space-between" align="center" css={{ mb: '$6', ...css }}>
|
||||
<TopNavBarBackLink />
|
||||
<Flex gap={2} align="center">
|
||||
{!noHubButton && hasHubButtonComponent && (
|
||||
<Box css={{ fontFamily: '$rubik', fontWeight: '500 !important' }}>
|
||||
<hub-button-app
|
||||
key={`dark-mode-${isDarkMode}`}
|
||||
style={{ backgroundColor: isDarkMode ? DARK_PRIMARY_COLOR : LIGHT_PRIMARY_COLOR, fontWeight: 'inherit' }}
|
||||
/>
|
||||
</Box>
|
||||
)}
|
||||
<Tooltip content="Sponsor" side="bottom">
|
||||
<Link href="https://github.com/sponsors/traefik" target="_blank">
|
||||
<Button as="div" ghost css={{ px: '$2', boxShadow: 'none' }}>
|
||||
<FiHeart size={20} color="#db61a2" />
|
||||
</Button>
|
||||
</Link>
|
||||
</Tooltip>
|
||||
<ThemeSwitcher />
|
||||
|
||||
<DropdownMenu>
|
||||
<DropdownMenuTrigger asChild>
|
||||
<Button ghost variant="secondary" css={{ px: '$2', boxShadow: 'none' }} data-testid="help-menu">
|
||||
<FiHelpCircle size={20} />
|
||||
</Button>
|
||||
</DropdownMenuTrigger>
|
||||
<DropdownMenuPortal>
|
||||
<DropdownMenuContent align="end" css={{ zIndex: 9999 }}>
|
||||
<DropdownMenuGroup>
|
||||
<DropdownMenuItem css={{ height: '$6', cursor: 'pointer' }}>
|
||||
<Link
|
||||
href={`https://doc.traefik.io/traefik/${parsedVersion}`}
|
||||
target="_blank"
|
||||
css={{ textDecoration: 'none', '&:hover': { textDecoration: 'none' } }}
|
||||
>
|
||||
<Flex align="center" gap={2}>
|
||||
<FiBookOpen size={20} />
|
||||
<Text>Documentation</Text>
|
||||
</Flex>
|
||||
</Link>
|
||||
</DropdownMenuItem>
|
||||
<DropdownMenuItem css={{ height: '$6', cursor: 'pointer' }}>
|
||||
<Link
|
||||
href="https://github.com/traefik/traefik/"
|
||||
target="_blank"
|
||||
css={{ textDecoration: 'none', '&:hover': { textDecoration: 'none' } }}
|
||||
>
|
||||
<Flex align="center" gap={2}>
|
||||
<FiGithub size={20} />
|
||||
<Text>Github Repository</Text>
|
||||
</Flex>
|
||||
</Link>
|
||||
</DropdownMenuItem>
|
||||
</DropdownMenuGroup>
|
||||
</DropdownMenuContent>
|
||||
</DropdownMenuPortal>
|
||||
</DropdownMenu>
|
||||
</Flex>
|
||||
</Flex>
|
||||
)
|
||||
}
|
||||
5
webui/src/layout/navigation/index.ts
Normal file
5
webui/src/layout/navigation/index.ts
Normal file
@@ -0,0 +1,5 @@
|
||||
// common breakpoint for large screen, cf. https://www.w3schools.com/howto/howto_css_media_query_breakpoints.asp
|
||||
export const LAPTOP_BP = 1200
|
||||
|
||||
export * from './SideNavBar'
|
||||
export * from './TopNavBar'
|
||||
@@ -9,7 +9,7 @@ import { PUBLIC_KEY } from './constants'
|
||||
|
||||
import { SpinnerLoader } from 'components/SpinnerLoader'
|
||||
import { useIsDarkMode } from 'hooks/use-theme'
|
||||
import { TopNav } from 'layout/Navigation'
|
||||
import { TopNav } from 'layout/navigation'
|
||||
|
||||
const SCRIPT_URL = 'https://assets.traefik.io/hub-ui-demo.js'
|
||||
|
||||
|
||||
@@ -6,16 +6,18 @@ import { HubDemoContext } from './demoNavContext'
|
||||
import { HubIcon } from './icons'
|
||||
|
||||
import Tooltip from 'components/Tooltip'
|
||||
import { BasicNavigationItem, LAPTOP_BP } from 'layout/Navigation'
|
||||
import { BasicNavigationItem, LAPTOP_BP } from 'layout/navigation'
|
||||
|
||||
const ApimDemoNavMenu = ({
|
||||
isResponsive,
|
||||
isSmallScreen,
|
||||
isExpanded,
|
||||
onSidePanelToggle,
|
||||
}: {
|
||||
isResponsive: boolean
|
||||
isSmallScreen: boolean
|
||||
isExpanded: boolean
|
||||
onSidePanelToggle: (isOpen: boolean) => void
|
||||
}) => {
|
||||
const [isCollapsed, setIsCollapsed] = useState(false)
|
||||
const { navigationItems: hubDemoNavItems } = useContext(HubDemoContext)
|
||||
@@ -38,7 +40,7 @@ const ApimDemoNavMenu = ({
|
||||
transition: 'transform 0.3s ease-in-out',
|
||||
}}
|
||||
/>
|
||||
{isSmallScreen ? (
|
||||
{isSmallScreen && isResponsive ? (
|
||||
<Tooltip label="Hub demo">
|
||||
<Box css={{ ml: 4, color: '$navButtonText' }}>
|
||||
<HubIcon width={20} />
|
||||
@@ -74,6 +76,7 @@ const ApimDemoNavMenu = ({
|
||||
route={route}
|
||||
isSmallScreen={isSmallScreen}
|
||||
isExpanded={isExpanded}
|
||||
onSidePanelToggle={onSidePanelToggle}
|
||||
/>
|
||||
))}
|
||||
</Box>
|
||||
|
||||
Reference in New Issue
Block a user