TyleoDvDelaware3217/GoDoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2025-05-19 20:32:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
GoDoxy/docs/middlewares.md

9.5 KiB
Raw Blame History

Middlewares

Table of content

Available middlewares

Redirect http

Redirect http requests to https

# docker labels
proxy.app1.middlewares.redirect_http:

# include file
app1:
  middlewares:
    redirect_http:

nginx equivalent:

server {
    listen 80;
    server_name domain.tld;
    return 301 https://$host$request_uri;
}

🔼Back to top

Custom error pages

To enable custom error pages, mount a folder containing your html, js, css files to /app/error_pages of go-proxy container (subfolders are ignored, please place all files in root directory)

Any path under error_pages directory (e.g. href tag), should starts with /$gperrorpage/

Example:

<html>
<head>
    <title>404 Not Found</title>
    <link type="text/css" rel="stylesheet" href="/$gperrorpage/style.css" />
</head>
<body>
    ...
</body>
</html>

Hot-reloading is supported, you can edit, rename or delete files without restarting. Changes will be reflected after page reload

Error page will be served if:

  • route does not exist or domain does not match any of match_domains

or

  • status code is not in range of 200 to 300, and
  • content type is text/html, application/xhtml+xml or text/plain

Error page will be served:

  • from file <statusCode>.html if exists
  • otherwise from 404.html
  • if they don't exist, original response will be served
# docker labels
proxy.app1.middlewares.custom_error_page:

# include file
app1:
  middlewares:
    custom_error_page:

nginx equivalent:

location / {
    try_files $uri $uri/ /error_pages/404.html =404;
}

🔼Back to top

Real IP

Check https://nginx.org/en/docs/http/ngx_http_realip_module.html for explaination of options

Custom

# docker labels
proxy.app1.middlewares.real_ip.header: X-Real-IP
proxy.app1.middlewares.real_ip.from: |
  127.0.0.1
  192.168.0.0/16
  10.0.0.0/8
proxy.app1.middlewares.real_ip.recursive: true

# include file
app1:
  middlewares:
    real_ip:
      header: X-Real-IP
      from:
        - 127.0.0.1
        - 192.168.0.0/16
        - 10.0.0.0/8
      recursive: true

nginx equivalent:

location / {
    set_real_ip_from 127.0.0.1;
    set_real_ip_from 192.168.0.0/16;
    set_real_ip_from 10.0.0.0/8;

    real_ip_header    X-Real-IP;
    real_ip_recursive on;
}

🔼Back to top

Cloudflare

This is a preset for Cloudflare

# docker labels
proxy.app1.middlewares.cloudflare_real_ip:

# include file
app1:
  middlewares:
    cloudflare_real_ip:

🔼Back to top

CIDR Whitelist

# docker labels
proxy.app1.middlewares.cidr_whitelist.allow: |
  10.0.0.0/8
  192.168.0.0/16
# optional (default: 403)
proxy.app1.middlewares.cidr_whitelist.status_code: 403
# optional (default: "IP not allowed")
proxy.app1.middlewares.cidr_whitelist.message: "IP not allowed"

# include file
app1:
  middlewares:
    whitelist:
      cidr:
        - 10.0.0.0/8
        - 192.168.0.0/16
      status_code: 403          # default
      message: "IP not allowed" # default

Modify request or response

# docker labels
proxy.app1.middlewares.modify_request.field:
proxy.app1.middlewares.modify_response.field:

# include file
app1:
  middlewares:
    modify_request:
      field:
    modify_response:
      field:

Set headers

# docker labels
proxy.app1.middlewares.modify_request.set_headers: |
  X-Custom-Header1: value1, value2
  X-Custom-Header2: value3

# include file
app1:
  middlewares:
    modify_request:
      set_headers:
        X-Custom-Header1: value1, value2
        X-Custom-Header2: value3

nginx equivalent:

location / {
    add_header X-Custom-Header1 value1, value2;
    add_header X-Custom-Header2 value3;
}

🔼Back to top

Add headers

# docker labels
proxy.app1.middlewares.modify_request.add_headers: |
  X-Custom-Header1: value1, value2
  X-Custom-Header2: value3

# include file
app1:
  middlewares:
    modify_request:
      add_headers:
        X-Custom-Header1: value1, value2
        X-Custom-Header2: value3

nginx equivalent:

location / {
    more_set_headers "X-Custom-Header1: value1, value2";
    more_set_headers "X-Custom-Header2: value3";
}

🔼Back to top

Hide headers

# docker labels
proxy.app1.middlewares.modify_request.hide_headers: |
  X-Custom-Header1
  X-Custom-Header2

# include file
app1:
  middlewares:
    modify_request:
      hide_headers:
        - X-Custom-Header1
        - X-Custom-Header2

nginx equivalent:

location / {
    more_clear_headers "X-Custom-Header1";
    more_clear_headers "X-Custom-Header2";
}

🔼Back to top

X-Forwarded-* Headers

Hide X-Forwarded-*

Remove Forwarded and X-Forwarded-* headers before request

# docker labels
proxy.app1.middlewares.modify_request.hide_x_forwarded:

# include file
app1:
  middlewares:
    modify_request:
      hide_x_forwarded:

Set X-Forwarded-*

Replace existing X-Forwarded-* headers with go-proxy provided headers

# docker labels
proxy.app1.middlewares.modify_request.set_x_forwarded:

# include file
app1:
  middlewares:
    modify_request:
      set_x_forwarded:

🔼Back to top

Forward Authorization header (experimental)

Fields:

  • address: authentication provider URL (required)
  • trust_forward_header: whether to trust X-Forwarded-* headers from upstream proxies (default: false)
  • auth_response_headers: list of headers to copy from auth response (default: empty)
  • add_auth_cookies_to_response: list of cookies to add to response (default: empty)
# docker labels
proxy.app1.middlewares.forward_auth.address: https://auth.example.com
proxy.app1.middlewares.forward_auth.trust_forward_header: true
proxy.app1.middlewares.forward_auth.auth_response_headers: |
  X-Auth-Token
  X-Auth-User
proxy.app1.middlewares.forward_auth.add_auth_cookies_to_response: |
  uid
  session_id

# include file
app1:
  middlewares:
    forward_authorization:
        address: https://auth.example.com
        trust_forward_header: true
        auth_response_headers:
            - X-Auth-Token
            - X-Auth-User
        add_auth_cookies_to_response:
            - uid
            - session_id

Traefik equivalent:

# docker labels
traefik.http.middlewares.authentik.forwardauth.address: https://auth.example.com
traefik.http.middlewares.authentik.forwardauth.trustForwardHeader: true
traefik.http.middlewares.authentik.forwardauth.authResponseHeaders: X-Auth-Token, X-Auth-User
traefik.http.middlewares.authentik.forwardauth.addAuthCookiesToResponse: uid, session_id

# standalone
http:
  middlewares:
    forwardAuth:
        address: https://auth.example.com
        trustForwardHeader: true
        authResponseHeaders:
            - X-Auth-Token
            - X-Auth-User
        addAuthCookiesToResponse:
            - uid
            - session_id

🔼Back to top

Middleware Compose

Middleware compose is a way to create reusable middlewares in file(s), just like docker compose.

Files will be loaded from config/middlewares

You may use them with <middleware_name>@file

See example

🔼Back to top

Examples

Authentik (untested, experimental)

# docker compose
services:
  ...
  server:
    ...
    container_name: authentik
    labels:
      proxy.authentik.middlewares.redirect_http:
      proxy.authentik.middlewares.set_x_forwarded:
      proxy.authentik.middlewares.modify_request.add_headers: |
        Strict-Transport-Security: "max-age=63072000" always

  whoami:
    image: containous/whoami
    container_name: whoami
    ports:
      - 80
    labels:
      proxy.#1.middlewares.forward_auth.address: https://your_authentik_forward_address
      proxy.#1.middlewares.forward_auth.trustForwardHeader: true
      proxy.#1.middlewares.forward_auth.authResponseHeaders: |
        X-authentik-username
        X-authentik-groups
        X-authentik-email
        X-authentik-name
        X-authentik-uid
        X-authentik-jwt
        X-authentik-meta-jwks
        X-authentik-meta-outpost
        X-authentik-meta-provider
        X-authentik-meta-app
        X-authentik-meta-version
    restart: unless-stopped

🔼Back to top