Documentation
¶
Index ¶
- Constants
- func ApplyBotMitigation(projectDir, state string, opts BotMitigationOptions) error
- func ApplyBotMitigationContext(ctx context.Context, projectDir, state string, opts BotMitigationOptions) error
- func BotMitigation(opts BotMitigationOptions) corecomponent.Definition
- func Ingress(opts IngressOptions) (corecomponent.ComposeServiceComponent, error)
- func IngressModeRequiresACMEEmail(mode string) bool
- func IngressModeTLSProvider(mode string) string
- func IngressModeUsesHTTPS(mode string) bool
- func NormalizeIngressMode(mode string) (string, bool)
- func SuggestedApplicationHosts(ctx *config.Context, update IngressAppUpdate) []string
- type BotMitigationOptions
- type CaptchaProtectMiddlewareOptions
- type IngressAppUpdate
- type IngressAppUpdateFunc
- type IngressInspection
- type IngressOptions
- type NginxRealIPConfig
Constants ¶
const ( // BotMitigationName is the component name for Traefik captcha-protect bot mitigation. BotMitigationName = "bot-mitigation" // BotMitigationStateOn enables captcha-protect bot mitigation. BotMitigationStateOn = "on" // BotMitigationStateOff disables captcha-protect bot mitigation. BotMitigationStateOff = "off" )
const ( // IngressName is the component name for Traefik ingress settings. IngressName = "ingress" // IngressModeHTTP serves the stack over plain HTTP. IngressModeHTTP = "http" // IngressModeHTTPSCloudflareOrigin serves HTTPS using a Cloudflare Origin CA certificate mounted from ./certs. IngressModeHTTPSCloudflareOrigin = "https-cloudflare-origin" // IngressModeHTTPSLetsEncrypt serves HTTPS using Let's Encrypt ACME automation. IngressModeHTTPSLetsEncrypt = "https-letsencrypt" // IngressModeHTTPSCustom serves HTTPS using an operator-managed certificate mounted from ./certs. IngressModeHTTPSCustom = "https-custom" // IngressModeHTTPSMkcert serves HTTPS using mkcert-managed certificates for non-production contexts. IngressModeHTTPSMkcert = "https-mkcert" // DefaultIngressDomain is the default local development domain. DefaultIngressDomain = "localhost" // DefaultMaxUploadSize is the upload size used when ingress upload settings are not explicitly set. DefaultMaxUploadSize = "128M" // DefaultUploadTimeout is the read timeout used when ingress upload settings are not explicitly set. DefaultUploadTimeout = "300s" )
Variables ¶
This section is empty.
Functions ¶
func ApplyBotMitigation ¶
func ApplyBotMitigation(projectDir, state string, opts BotMitigationOptions) error
ApplyBotMitigation applies or removes Traefik captcha-protect configuration.
func ApplyBotMitigationContext ¶
func ApplyBotMitigationContext(ctx context.Context, projectDir, state string, opts BotMitigationOptions) error
ApplyBotMitigationContext applies or removes Traefik captcha-protect configuration, using ctx for network work performed while enabling.
func BotMitigation ¶
func BotMitigation(opts BotMitigationOptions) corecomponent.Definition
BotMitigation returns reusable Traefik captcha-protect component metadata.
ApplyBotMitigation is the sole mutating entrypoint. The returned definition is intentionally metadata-only so component review/create prompts cannot drift from the command, volume, router, and plugin-source mutations.
func Ingress ¶ added in v0.26.0
func Ingress(opts IngressOptions) (corecomponent.ComposeServiceComponent, error)
Ingress returns a reusable component that owns Traefik ingress, TLS, domain, proxy trust, upload, and read timeout configuration.
func IngressModeRequiresACMEEmail ¶ added in v0.35.2
IngressModeRequiresACMEEmail reports whether a mode or alias needs an ACME email.
func IngressModeTLSProvider ¶ added in v0.35.2
IngressModeTLSProvider reports the TLS provider label used for status output.
func IngressModeUsesHTTPS ¶ added in v0.35.2
IngressModeUsesHTTPS reports whether a mode or alias enables HTTPS.
func NormalizeIngressMode ¶ added in v0.35.2
NormalizeIngressMode returns the canonical ingress mode for a user-provided mode or alias.
func SuggestedApplicationHosts ¶ added in v0.35.2
func SuggestedApplicationHosts(ctx *config.Context, update IngressAppUpdate) []string
SuggestedApplicationHosts returns hostnames that app-level host allowlists should commonly accept for this ingress update.
Types ¶
type BotMitigationOptions ¶
type BotMitigationOptions struct {
Name string
RouterName string
RouterConfigPath string
MiddlewareName string
Middleware CaptchaProtectMiddlewareOptions
}
BotMitigationOptions configures a reusable Traefik bot-mitigation component for an application router.
func NormalizeBotMitigationOptions ¶
func NormalizeBotMitigationOptions(opts BotMitigationOptions) BotMitigationOptions
NormalizeBotMitigationOptions applies defaults for reusable bot mitigation.
type CaptchaProtectMiddlewareOptions ¶
type CaptchaProtectMiddlewareOptions struct {
Window int
Mode string
ProtectRoutes string
ExcludeRoutes []string
ProtectParameters string
ChallengeTemplate string
ChallengeURL string
ChallengeStatusCode int
CaptchaProvider string
SiteKey string
SecretKey string
IPForwardedHeader string
GoodBots []string
PersistentStateFile string
ProtectFileExtensions string
PeriodSeconds int
FailureThreshold int
EnableGooglebotIPCheck string
EnableUptimeRobotBypass string
}
CaptchaProtectMiddlewareOptions configures the generated captcha-protect middleware block.
type IngressAppUpdate ¶ added in v0.35.2
type IngressAppUpdate struct {
Mode string
Domain string
Scheme string
BaseURL string
ACMEEmail string
TrustedProxyIPs []string
UploadSize string
ReadTimeout string
HTTPS bool
LetsEncrypt bool
Mkcert bool
}
IngressAppUpdate describes a resolved ingress change for plugin-owned application wiring.
type IngressAppUpdateFunc ¶ added in v0.35.2
type IngressAppUpdateFunc func(context.Context, *config.Context, *corecomponent.ComposeFile, IngressAppUpdate) error
IngressAppUpdateFunc lets application plugins update app-specific config whenever the shared ingress component changes.
type IngressInspection ¶ added in v0.26.0
type IngressInspection struct {
ComposeFile string
Traefik map[string][]string
NginxServices map[string]NginxRealIPConfig
}
IngressInspection summarizes Traefik forwarded-header trust and matching nginx real-IP settings.
func InspectIngress ¶ added in v0.26.0
func InspectIngress(ctx *config.Context) (IngressInspection, error)
InspectIngress reads the active compose file and extracts ingress trust settings.
type IngressOptions ¶ added in v0.26.0
type IngressOptions struct {
AppService string
NoAppService bool
TraefikService string
HTTPEntrypoint string
HTTPSEntrypoint string
Entrypoints []string
TraefikConfigDir string
RouterFiles []string
RouterHosts map[string]string
ServiceEnvTemplates map[string]map[string]string
AppUpdate IngressAppUpdateFunc
TrustedIPLimit int
}
IngressOptions configures the reusable Traefik ingress component for a stack.
type NginxRealIPConfig ¶ added in v0.22.0
NginxRealIPConfig describes nginx real-IP environment settings for one service.