TCP Middlewares

Controlling connections

Overview

Configuration Example

Docker

  1. # As a Docker Label
  2. whoami:
  3.   #  A container that exposes an API to show its IP address
  4.   image: traefik/whoami
  5.   labels:
  6.     # Create a middleware named `foo-ip-whitelist`
  7.     - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
  8.     # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
  9.     - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker"

Kubernetes IngressRoute

  1. # As a Kubernetes Traefik IngressRoute
  2. apiVersion: apiextensions.k8s.io/v1beta1
  3. kind: CustomResourceDefinition
  4. metadata:
  5.   name: middlewaretcps.traefik.containo.us
  6. spec:
  7.   group: traefik.containo.us
  8.   version: v1alpha1
  9.   names:
  10.     kind: MiddlewareTCP
  11.     plural: middlewaretcps
  12.     singular: middlewaretcp
  13.   scope: Namespaced
  15. ---
  16. apiVersion: traefik.containo.us/v1alpha1
  17. kind: Middleware
  18. metadata:
  19.   name: foo-ip-whitelist
  20. spec:
  21.   ipWhiteList:
  22.     sourcerange:
  23.       - 127.0.0.1/32
  24.       - 192.168.1.7
  26. ---
  27. apiVersion: traefik.containo.us/v1alpha1
  28. kind: IngressRoute
  29. metadata:
  30.   name: ingressroute
  31. spec:
  32. # more fields...
  33.   routes:
  34.     # more fields...
  35.     middlewares:
  36.       - name: foo-ip-whitelist

Consul Catalog

  1. # Create a middleware named `foo-ip-whitelist`
  2. - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
  3. # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
  4. - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog"

Marathon

  1. "labels": {
  2.   "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7",
  3.   "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon"
  4. }

Rancher

  1. # As a Rancher Label
  2. labels:
  3.   # Create a middleware named `foo-ip-whitelist`
  4.   - "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
  5.   # Apply the middleware named `foo-ip-whitelist` to the router named `router1`
  6.   - "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher"

File (TOML)

  1. # As TOML Configuration File
  2. [tcp.routers]
  3.   [tcp.routers.router1]
  4.     service = "myService"
  5.     middlewares = ["foo-ip-whitelist"]
  6.     rule = "Host(`example.com`)"
  8. [tcp.middlewares]
  9.   [tcp.middlewares.foo-ip-whitelist.ipWhiteList]
  10.     sourceRange = ["127.0.0.1/32", "192.168.1.7"]
  12. [tcp.services]
  13.   [tcp.services.service1]
  14.     [tcp.services.service1.loadBalancer]
  15.     [[tcp.services.service1.loadBalancer.servers]]
  16.       address = "10.0.0.10:4000"
  17.     [[tcp.services.service1.loadBalancer.servers]]
  18.       address = "10.0.0.11:4000"

File (YAML)

  1. # As YAML Configuration File
  2. tcp:
  3.   routers:
  4.     router1:
  5.       service: myService
  6.       middlewares:
  7.         - "foo-ip-whitelist"
  8.       rule: "Host(`example.com`)"
  10.   middlewares:
  11.     foo-ip-whitelist:
  12.       ipWhiteList:
  13.         sourceRange:
  14.           - "127.0.0.1/32"
  15.           - "192.168.1.7"
  17.   services:
  18.     service1:
  19.       loadBalancer:
  20.         servers:
  21.         - address: "10.0.0.10:4000"
  22.         - address: "10.0.0.11:4000"

Available TCP Middlewares

MiddlewarePurposeArea
IPWhiteListLimit the allowed client IPsSecurity, Request lifecycle