From f9077d3f5e0c0b3b01d26d4bcae3cc5a6ab38e46 Mon Sep 17 00:00:00 2001 From: Yury Hrytsuk <50014626+YuryHrytsuk@users.noreply.github.com> Date: Wed, 8 Jan 2025 09:56:00 +0100 Subject: [PATCH] Traefik: introduce domain redirect (1st version) (#925) * Traefik: introduce domain redirect * Fix env vars * Update CI deps * Updates * Revert CI changes --- services/traefik/docker-compose.yml.j2 | 29 +++++++++++++++++++++++++ services/traefik/j2cli_customization.py | 22 +++++++++++++++++++ services/traefik/template.env | 4 ++++ 3 files changed, 55 insertions(+) create mode 100644 services/traefik/j2cli_customization.py diff --git a/services/traefik/docker-compose.yml.j2 b/services/traefik/docker-compose.yml.j2 index 7424204a..a19a23a3 100644 --- a/services/traefik/docker-compose.yml.j2 +++ b/services/traefik/docker-compose.yml.j2 @@ -146,6 +146,35 @@ services: - traefik.http.middlewares.strip-www.redirectregex.replacement=$${1}://$${2} - traefik.http.middlewares.strip-www.redirectregex.permanent=true + + ### + # Domain redirects + ### +{% set redirect_from_domains_list = TRAEFIK_DOMAINS_REDIRECT_FROM.split(',') %} +{% set redirect_to_domains_list = TRAEFIK_DOMAINS_REDIRECT_TO.split(',') %} +{% set redirect_is_permanent_list = TRAEFIK_DOMAINS_REDIRECT_IS_PERMANENT.split(',') %} + +{% for ix in range(redirect_from_domains_list | length) %} + +{% set from_domain = redirect_from_domains_list[ix] %} +{% set from_domain_no_dots = from_domain.replace(".", "-") %} +{% set to_domain = redirect_to_domains_list[ix] %} +{% set redirect_is_permanent = redirect_is_permanent_list[ix] %} + + # Regex below is redirecting any subdomains and path to new domain. + # Use https://regex101.com/r/58sIgx/2 for regex explanation and experimentation. + # Below we include dollar escaping and j2 expressions. It is not clean / pure regex + # You can fetch baked and clean regex from traefik dashboards. + - traefik.http.middlewares.redirect-{{ from_domain_no_dots }}.redirectregex.regex=^https?://((?:[a-zA-Z0-9-]+\.)*)*{{ from_domain }}(.*)$$ + - traefik.http.middlewares.redirect-{{ from_domain_no_dots }}.redirectregex.replacement=https://$${1}{{ to_domain }}$${2} + - traefik.http.middlewares.redirect-{{ from_domain_no_dots }}.redirectregex.permanent={{ redirect_is_permanent }} + - traefik.http.routers.{{ from_domain_no_dots }}.rule={{ generate_domain_capture_all_rule(from_domain) }} + - traefik.http.routers.{{ from_domain_no_dots }}.middlewares=redirect-{{ from_domain_no_dots }} + - traefik.http.routers.{{ from_domain_no_dots }}.entrypoints=https + - traefik.http.routers.{{ from_domain_no_dots }}.tls=true + +{% endfor %} + networks: public: null monitored: null diff --git a/services/traefik/j2cli_customization.py b/services/traefik/j2cli_customization.py new file mode 100644 index 00000000..aafdad4c --- /dev/null +++ b/services/traefik/j2cli_customization.py @@ -0,0 +1,22 @@ +def _generate_domain_capture_all_rule(domain: str) -> str: + rules = [ + f"Host(`{domain}`)", + f"Host(`www.{domain}`)", + f"Host(`invitations.{domain}`)", + f"Host(`services.{domain}`)", + f"HostRegexp(`{{subhost:[a-zA-Z0-9-]+}}.services.{domain}`)", + f"Host(`services.testing.{domain}`)", + f"HostRegexp(`{{subhost:[a-zA-Z0-9-]+}}.services.testing.{domain}`)", + f"Host(`pay.{domain}`)", + f"Host(`api.{domain}`)", + f"Host(`api.testing.{domain}`)", + f"Host(`testing.{domain}`)", + ] + return " || ".join(rules) + + +def j2_environment(env): + env.globals.update( + generate_domain_capture_all_rule=_generate_domain_capture_all_rule + ) + return env diff --git a/services/traefik/template.env b/services/traefik/template.env index bb36e5bf..c707b1b7 100644 --- a/services/traefik/template.env +++ b/services/traefik/template.env @@ -37,3 +37,7 @@ MONITORED_NETWORK=${MONITORED_NETWORK} WEBSERVER_HOST=${WEBSERVER_HOST} WEBSERVER_PORT=${WEBSERVER_PORT} + +TRAEFIK_DOMAINS_REDIRECT_FROM=${TRAEFIK_DOMAINS_REDIRECT_FROM} +TRAEFIK_DOMAINS_REDIRECT_TO=${TRAEFIK_DOMAINS_REDIRECT_TO} +TRAEFIK_DOMAINS_REDIRECT_IS_PERMANENT=${TRAEFIK_DOMAINS_REDIRECT_IS_PERMANENT}