Commit Graph

17 Commits

Author SHA1 Message Date
Christoph Schug
7bf5fdb8fc
Merge pull request #298 from cschug/fix_traefik_rules
fix: fix Traefik 3 host rule matching
2024-07-03 11:26:50 +02:00
renovate[bot]
2b4bfdd7b6
chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v16 2024-06-13 21:36:54 +00:00
Christoph Schug
a20783287c fix: fix Traefik 3 host rule matching
The function `HostHost` is an obvious typo, such a function does not
exist, most likely just `Hosts` is meant here.

Furthermore, Traefik 3 doesn't use the Gorilla Mux framework
anymore, therefore the matching using curly brace syntax like in
`{subhost:[a-z]+}` isn't supported anymore. For details, see [1].
Alas, the final Traefik 2 to 3 migration document dropped this crucial
information but at least all of those many examples using this method
which were in the Traefik 2 documentation were removed from the Traefik 3
documentation.

Also `[a-z]+` does not match all valid sub-domains as specified per RFC
1123 [2], and needs to be enhanced to support hyphen characters within a
single DNS label as well (but not at the start or the end of a label).
This is also a requirement for i18n domains in their ACE representation.

Actually the regular expression can be made even more strict to comply
with length limitations as defined in RFC 2181 [3] but this would require
pretty resource-intense lookarounds in the regular expression, therefore
those should be neglected here.

As we are doing regular expression match anyway, the `Host` function can
be dropped. It adds redundancy to the configuration and only would make
sense from a performance point of view, if the vast majority of requests
would lack any sub-domain.

Last but not least, the Traefik documentation isn't clear at all, whether
any potential port number is being stripped from the `Host` request header.
From empiric testing with Traefik 3.0.1 that's apparently the case, but
as it isn't a documented feature, we rather accept potential ports as
well.

Same when it comes to case-sensitivity. From testing it looks like the
hostname is always forced to lower-case characters, but strangely
enough even the official documentation contains an example which
suggests enabling case-insensitive mode for regular expression matching
using `(?i)`. Therefore we better stick with that one as well.

[1] https://traefik.io/blog/traefik-proxy-3-0-scope-beta-program-and-the-first-feature-drop/
[2] https://datatracker.ietf.org/doc/html/rfc1123
[3] https://datatracker.ietf.org/doc/html/rfc2181
2024-06-02 19:43:03 +02:00
Christian Lempa
889d56c495 traefik v3 config migration 2024-05-26 10:24:00 +02:00
renovate[bot]
c28859d160
chore(deps): update public.ecr.aws/gravitational/teleport-distroless docker tag to v15 2024-03-18 15:45:43 +00:00
Christoph Schug
8a17193dd0 fix: add final newline character to text files
This makes text files compliant to POSIX which requires every line of a
text file to end with a newline character [1][2].

[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_403
[2] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
2024-02-22 19:06:54 +01:00
Christian Lempa
3c71705a74 quick fix 2023-08-21 11:43:14 +02:00
Christian Lempa
84ac33f264 quick formatting update 2023-08-16 14:33:02 +02:00
Christian Lempa
fc878d0389 change filename in teleport 2023-08-16 12:21:43 +02:00
Christian Lempa
d309ab44a9 formatting update 2023-08-16 12:15:47 +02:00
Christian Lempa
868fd6ffe1 updated changes and docs 2023-08-16 11:28:44 +02:00
Christian Lempa
878a4796bf update 2023-08-09 10:39:13 +02:00
Christian Lempa
96fcebe6ca updated docker compose file 2023-07-25 13:18:42 +02:00
Christian Lempa
0c30f62cbe formatting update 2023-05-25 14:26:13 +02:00
Christian Lempa
ba2c9ebbb2 teleport 10 passwordless update 2022-08-30 19:01:48 +02:00
Christian
79adc3f8d6 update deployments and readme 2022-01-11 09:37:46 +01:00
xcad2k
54213cd26f reorganize folders 2021-09-24 14:05:19 +02:00