// CreateTLSConfig creates a TLS config from ClientTLS structures func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) { var err error if clientTLS == nil { log.Warnf("clientTLS is nil") return nil, nil } caPool := x509.NewCertPool() if clientTLS.CA != "" { var ca []byte if _, errCA := os.Stat(clientTLS.CA); errCA == nil { ca, err = ioutil.ReadFile(clientTLS.CA) if err != nil { return nil, fmt.Errorf("Failed to read CA. %s", err) } } else { ca = []byte(clientTLS.CA) } caPool.AppendCertsFromPEM(ca) } cert := tls.Certificate{} _, errKeyIsFile := os.Stat(clientTLS.Key) if _, errCertIsFile := os.Stat(clientTLS.Cert); errCertIsFile == nil { if errKeyIsFile == nil { cert, err = tls.LoadX509KeyPair(clientTLS.Cert, clientTLS.Key) if err != nil { return nil, fmt.Errorf("Failed to load TLS keypair: %v", err) } } else { return nil, fmt.Errorf("tls cert is a file, but tls key is not") } } else { if errKeyIsFile != nil { cert, err = tls.X509KeyPair([]byte(clientTLS.Cert), []byte(clientTLS.Key)) if err != nil { return nil, fmt.Errorf("Failed to load TLS keypair: %v", err) } } else { return nil, fmt.Errorf("tls key is a file, but tls cert is not") } } TLSConfig := &tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: caPool, InsecureSkipVerify: clientTLS.InsecureSkipVerify, } return TLSConfig, nil }
func listContainers(ctx context.Context, dockerClient client.ContainerAPIClient) ([]dockerData, error) { containerList, err := dockerClient.ContainerList(ctx, dockertypes.ContainerListOptions{}) if err != nil { return []dockerData{}, err } containersInspected := []dockerData{} // get inspect containers for _, container := range containerList { containerInspected, err := dockerClient.ContainerInspect(ctx, container.ID) if err != nil { log.Warnf("Failed to inspect container %s, error: %s", container.ID, err) } else { dockerData := parseContainer(containerInspected) containersInspected = append(containersInspected, dockerData) } } return containersInspected, nil }
func (a *ACME) init() error { if a.ACMELogging { acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags) } else { acme.Logger = fmtlog.New(ioutil.Discard, "", 0) } // no certificates in TLS config, so we add a default one cert, err := generateDefaultCertificate() if err != nil { return err } a.defaultCertificate = cert // TODO: to remove in the futurs if len(a.StorageFile) > 0 && len(a.Storage) == 0 { log.Warnf("ACME.StorageFile is deprecated, use ACME.Storage instead") a.Storage = a.StorageFile } return nil }
// Close destroys the server func (server *Server) Close() { ctx, cancel := context.WithTimeout(context.Background(), time.Duration(server.globalConfiguration.GraceTimeOut)*time.Second) go func(ctx context.Context) { <-ctx.Done() if ctx.Err() == context.Canceled { return } else if ctx.Err() == context.DeadlineExceeded { log.Warnf("Timeout while stopping traefik, killing instance ✝") os.Exit(1) } }(ctx) server.stopLeadership() server.routinesPool.Cleanup() close(server.configurationChan) close(server.configurationValidatedChan) signal.Stop(server.signals) close(server.signals) close(server.stopChan) server.loggerMiddleware.Close() cancel() }
// CheckNewVersion checks if a new version is available func CheckNewVersion() { if Version == "dev" { return } client := github.NewClient(nil) updateURL, err := url.Parse("https://update.traefik.io") if err != nil { log.Warnf("Error checking new version: %s", err) return } client.BaseURL = updateURL releases, resp, err := client.Repositories.ListReleases("containous", "traefik", nil) if err != nil { log.Warnf("Error checking new version: %s", err) return } if resp.StatusCode != 200 { log.Warnf("Error checking new version: status=%s", resp.Status) return } currentVersion, err := goversion.NewVersion(Version) if err != nil { log.Warnf("Error checking new version: %s", err) return } for _, release := range releases { releaseVersion, err := goversion.NewVersion(*release.TagName) if err != nil { log.Warnf("Error checking new version: %s", err) return } if len(currentVersion.Prerelease()) == 0 && len(releaseVersion.Prerelease()) > 0 { continue } if releaseVersion.GreaterThan(currentVersion) { log.Warnf("A new release has been found: %s. Please consider updating.", releaseVersion.String()) return } } }
func (provider *Kubernetes) loadIngresses(k8sClient k8s.Client) (*types.Configuration, error) { ingresses := k8sClient.GetIngresses(provider.Namespaces) templateObjects := types.Configuration{ map[string]*types.Backend{}, map[string]*types.Frontend{}, } PassHostHeader := provider.getPassHostHeader() for _, i := range ingresses { for _, r := range i.Spec.Rules { for _, pa := range r.HTTP.Paths { if _, exists := templateObjects.Backends[r.Host+pa.Path]; !exists { templateObjects.Backends[r.Host+pa.Path] = &types.Backend{ Servers: make(map[string]types.Server), } } if _, exists := templateObjects.Frontends[r.Host+pa.Path]; !exists { templateObjects.Frontends[r.Host+pa.Path] = &types.Frontend{ Backend: r.Host + pa.Path, PassHostHeader: PassHostHeader, Routes: make(map[string]types.Route), Priority: len(pa.Path), } } if len(r.Host) > 0 { if _, exists := templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host]; !exists { templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host] = types.Route{ Rule: "Host:" + r.Host, } } } if len(pa.Path) > 0 { ruleType := i.Annotations["traefik.frontend.rule.type"] switch strings.ToLower(ruleType) { case "pathprefixstrip": ruleType = "PathPrefixStrip" case "pathstrip": ruleType = "PathStrip" case "path": ruleType = "Path" case "pathprefix": ruleType = "PathPrefix" case "": ruleType = "PathPrefix" default: log.Warnf("Unknown RuleType %s for %s/%s, falling back to PathPrefix", ruleType, i.ObjectMeta.Namespace, i.ObjectMeta.Name) ruleType = "PathPrefix" } templateObjects.Frontends[r.Host+pa.Path].Routes[pa.Path] = types.Route{ Rule: ruleType + ":" + pa.Path, } } service, exists, err := k8sClient.GetService(i.ObjectMeta.Namespace, pa.Backend.ServiceName) if err != nil || !exists { log.Warnf("Error retrieving service %s/%s: %v", i.ObjectMeta.Namespace, pa.Backend.ServiceName, err) delete(templateObjects.Frontends, r.Host+pa.Path) continue } protocol := "http" for _, port := range service.Spec.Ports { if equalPorts(port, pa.Backend.ServicePort) { if port.Port == 443 { protocol = "https" } endpoints, exists, err := k8sClient.GetEndpoints(service.ObjectMeta.Namespace, service.ObjectMeta.Name) if err != nil || !exists { log.Errorf("Error retrieving endpoints %s/%s: %v", service.ObjectMeta.Namespace, service.ObjectMeta.Name, err) continue } if len(endpoints.Subsets) == 0 { log.Warnf("Endpoints not found for %s/%s, falling back to Service ClusterIP", service.ObjectMeta.Namespace, service.ObjectMeta.Name) templateObjects.Backends[r.Host+pa.Path].Servers[string(service.UID)] = types.Server{ URL: protocol + "://" + service.Spec.ClusterIP + ":" + strconv.Itoa(int(port.Port)), Weight: 1, } } else { for _, subset := range endpoints.Subsets { for _, address := range subset.Addresses { url := protocol + "://" + address.IP + ":" + strconv.Itoa(endpointPortNumber(port, subset.Ports)) name := url if address.TargetRef != nil && address.TargetRef.Name != "" { name = address.TargetRef.Name } templateObjects.Backends[r.Host+pa.Path].Servers[name] = types.Server{ URL: url, Weight: 1, } } } } break } } } } } return &templateObjects, nil }