I have setup following IngressRoute
for default path and wp-*
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: external-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) || Host(`www.example.com`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: https-redirect
tls:
secretName: prod-cert
and
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wp-admin-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) || Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: secured-restricted
tls:
secretName: prod-cert
Middleware:
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: secured-restricted
namespace: marketing
spec:
chain:
middlewares:
- name: https-redirect
- name: permited-ips
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-redirect
namespace: marketing
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: permited-ips
namespace: marketing
spec:
ipWhiteList:
sourceRange:
- #.#.#.#/28
---
https://www.example.com
--> works
https://example.com
--> Get Forbidden
https://example.com
works only when I try to access it from whitelisted IP (#.#.#.#/28)
So looks like external-1 IngressRoute is not getting hit.
What is wrong with this setup?
Splitting the rules in following way fixed the issue.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: external-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`)
kind: Rule
services:
- name: wordpress
port: 80
- match: Host(`www.example.com`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: https-redirect
tls:
secretName: prod-cert
and
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wp-admin-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
- match: Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: secured-restricted
tls:
secretName: prod-cert
You probably forgot a bracket, and your original configuration might just work by changing to this:
(Host(`example.com`) || Host(`www.example.com`)) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.