![](/img/trans.png)
[英]traefik pathprefixstrip with kubernetes ingress and redirect doesn't work
[英]Traefik IngressRoute redirect doesn’t work
我在IngressRoute
之后设置了默认路径和wp-*
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: external-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) || Host(`www.example.com`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: https-redirect
tls:
secretName: prod-cert
和
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wp-admin-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) || Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: secured-restricted
tls:
secretName: prod-cert
中间件:
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: secured-restricted
namespace: marketing
spec:
chain:
middlewares:
- name: https-redirect
- name: permited-ips
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-redirect
namespace: marketing
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: permited-ips
namespace: marketing
spec:
ipWhiteList:
sourceRange:
- #.#.#.#/28
---
https://www.example.com
--> 有效
https://example.com
--> 被禁止
https://example.com
仅在我尝试从白名单 IP (#.#.#.#/28) 访问它时有效
所以看起来 external-1 IngressRoute 没有受到攻击。
这个设置有什么问题?
以下列方式拆分规则解决了这个问题。
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: external-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`)
kind: Rule
services:
- name: wordpress
port: 80
- match: Host(`www.example.com`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: https-redirect
tls:
secretName: prod-cert
和
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wp-admin-1
namespace: marketing
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
- match: Host(`www.example.com`) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
kind: Rule
services:
- name: wordpress
port: 80
middlewares:
- name: secured-restricted
tls:
secretName: prod-cert
您可能忘记了一个括号,您的原始配置可能只需更改为:
(Host(`example.com`) || Host(`www.example.com`)) && PathPrefix(`/wp-login.php`,`/wp-login.php/`, `/wp-admin/`)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.