-
Notifications
You must be signed in to change notification settings - Fork 117
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
964b624
commit 734c758
Showing
4 changed files
with
358 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,243 @@ | ||
{%- import "_macros.jinja" as macros -%} | ||
{# | ||
Note: indentation of 6 spaces is important because that's the depth level | ||
of container labels in a docker-compose file. | ||
#} | ||
|
||
{# Echo all path prefixes in a Traefik rule #} | ||
{%- macro path_prefix_rule(path_prefixes) %} | ||
{%- set _ns = namespace(with_slash=[], without_slash=[]) %} | ||
{%- for prefix in path_prefixes %} | ||
{%- if prefix.endswith("/") %} | ||
{%- set _ns.with_slash = _ns.with_slash + [prefix] %} | ||
{%- else %} | ||
{%- set _ns.with_slash = _ns.with_slash + ["%s/" % prefix] %} | ||
{%- set _ns.without_slash = _ns.without_slash + [prefix] %} | ||
{%- endif %} | ||
{%- endfor -%} | ||
(PathPrefix( | ||
{%- for path in _ns.with_slash -%} | ||
`{{ path }}` | ||
{%- if not loop.last %}, {% endif %} | ||
{%- endfor -%} | ||
) | ||
{%- if _ns.without_slash %} || Path( | ||
{%- for path in _ns.without_slash -%} | ||
`{{ path }}` | ||
{%- if not loop.last %}, {% endif %} | ||
{%- endfor -%} | ||
) | ||
{%- endif -%} | ||
) | ||
{%- endmacro %} | ||
|
||
{# Echo all domains of a group, in a Traefik rule #} | ||
{%- macro domains_rule(domain_group) -%} | ||
Host: | ||
{%- for host in domain_group.hosts -%} | ||
{{ host }} | ||
{%- if not loop.last %}, {% endif %} | ||
{%- endfor -%} | ||
{%- if domain_group.path_prefixes %} && {{ path_prefix_rule(domain_group.path_prefixes) }} | ||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
|
||
{%- macro key(project_name, odoo_version, suffix) %} | ||
{{- '%s-%.1f-%s'|format(project_name, odoo_version, suffix)|replace('.', '-') }} | ||
{%- endmacro %} | ||
|
||
{#- Basic labels for a single router #} | ||
{%- macro router(domain_group, key, suffix, rule=none, service=none, middlewares=()) %} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.rule: | ||
{{ rule|default(domains_rule(domain_group), true) }} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.service: | ||
{{ key }}-{{ service|default("main", true) }} | ||
{%- if domain_group.entrypoints %} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.entrypoints: | ||
{{ domain_group.entrypoints|sort|join(", ") }} | ||
{%- endif %} | ||
{%- if middlewares %} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.middlewares: | ||
{{ key }}-{{ middlewares|sort|join(", %s-" % key) }} | ||
{%- endif %} | ||
|
||
{%- if domain_group.cert_resolver %} | ||
|
||
{#- Add TLS configuraiton #} | ||
{%- if suffix.endswith("-secure") %} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.tls: "true" | ||
{%- if domain_group.cert_resolver is string %} | ||
traefik.http.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.tls.certResolver: | ||
{{ domain_group.cert_resolver }} | ||
{%- endif %} | ||
|
||
{#- Create TLS-only router; | ||
HACK https://github.com/containous/traefik/issues/7235 #} | ||
{%- else %} | ||
{{- router(domain_group, key, "%s-secure" % suffix, rule, service, middlewares) }} | ||
{%- endif %} | ||
|
||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
{%- macro common_middlewares(key, cidr_whitelist) %} | ||
{#- Common middlewares #} | ||
traefik.http.middlewares.{{ key }}-buffering.buffering.retryExpression: | ||
IsNetworkError() && Attempts() < 5 | ||
traefik.http.middlewares.{{ key }}-compress.compress: "true" | ||
? traefik.http.middlewares.{{ key }}-forbid-crawlers.headers.customResponseHeaders.X-Robots-Tag | ||
: "noindex, nofollow" | ||
traefik.http.middlewares.{{ key }}-addSTS.headers.forceSTSHeader: "true" | ||
traefik.http.middlewares.{{ key }}-forceSecure.redirectScheme.scheme: https | ||
traefik.http.middlewares.{{ key }}-forceSecure.redirectScheme.permanent: "true" | ||
{%- if cidr_whitelist %} | ||
{#- Declare whitelist middleware #} | ||
? traefik.http.middlewares.{{ key }}-whitelist.IPWhiteList.sourceRange | ||
: {% for cidr in cidr_whitelist -%} | ||
{{ cidr }}{% if not loop.last %}, {% endif %} | ||
{%- endfor %} | ||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
{%- macro odoo(domain_groups_list, cidr_whitelist, key, odoo_version, | ||
paths_without_crawlers, project_name) %} | ||
{#- Service #} | ||
traefik.http.services.{{ key }}-main.loadbalancer.server.port: 8069 | ||
traefik.http.services.{{ key }}-longpolling.loadbalancer.server.port: 8072 | ||
|
||
{%- call(domain_group) macros.domains_loop_grouped(domain_groups_list) %} | ||
{#- Remember basic middlewares for this domain group #} | ||
{%- set _ns = namespace(basic_middlewares=[]) -%} | ||
{%- if cidr_whitelist %} | ||
{%- set _ns.basic_middlewares = _ns.basic_middlewares + ["whitelist"] %} | ||
{%- endif %} | ||
{%- if domain_group.cert_resolver %} | ||
{%- set _ns.basic_middlewares = _ns.basic_middlewares + ["addSTS", "forceSecure"] %} | ||
{%- endif %} | ||
|
||
{%- if domain_group.redirect_to %} | ||
{#- Redirections #} | ||
{%- if domain_group.redirect_permanent %} | ||
traefik.http.middlewares.{{ key }}-redirect-{{ domain_group.loop.index0 }}.redirectRegex.permanent: "true" | ||
{%- endif %} | ||
traefik.http.middlewares.{{ key }}-redirect-{{ domain_group.loop.index0 }}.redirectRegex.regex: ^(.*)://([^/]+)/(.*)$$ | ||
traefik.http.middlewares.{{ key }}-redirect-{{ domain_group.loop.index0 }}.redirectRegex.replacement: $$1://{{ domain_group.redirect_to }}/$$3 | ||
{{- | ||
router( | ||
domain_group=domain_group, | ||
key=key, | ||
suffix="redirect", | ||
middlewares=_ns.basic_middlewares + [ | ||
"compress", | ||
"redirect-%d" % domain_group.loop.index0, | ||
], | ||
) | ||
}} | ||
{%- else %} | ||
|
||
{#- When removing crawlers for /, this router is the same as forbiddenCrawlers, so no need to duplicate #} | ||
{%- if paths_without_crawlers != ["/"] or domain_group.path_prefixes %} | ||
{#- Main router #} | ||
{{- | ||
router( | ||
domain_group=domain_group, | ||
key=key, | ||
suffix="main", | ||
middlewares=_ns.basic_middlewares + [ | ||
"buffering", | ||
"compress", | ||
], | ||
) | ||
}} | ||
{%- endif %} | ||
|
||
{#- Longpolling router #} | ||
{%- if not domain_group.path_prefixes %} | ||
{%- set longpolling_route = "PathPrefix(`/longpolling/`)" if odoo_version < 16 else "Path(`/websocket`)" -%} | ||
{{- | ||
router( | ||
domain_group=domain_group, | ||
key=key, | ||
suffix="longpolling", | ||
rule="%s && %s" % (domains_rule(domain_group), longpolling_route), | ||
service="longpolling", | ||
middlewares=_ns.basic_middlewares, | ||
) | ||
}} | ||
{%- endif %} | ||
|
||
{#- Forbidden crawlers router #} | ||
{%- if paths_without_crawlers and not domain_group.path_prefixes %} | ||
{{- | ||
router( | ||
domain_group=domain_group, | ||
key=key, | ||
suffix="forbiddenCrawlers", | ||
rule="%s && %s" % ( | ||
domains_rule(domain_group), | ||
path_prefix_rule(paths_without_crawlers), | ||
), | ||
middlewares=_ns.basic_middlewares + [ | ||
"buffering", | ||
"compress", | ||
"forbid-crawlers", | ||
], | ||
) | ||
}} | ||
{%- endif %} | ||
{%- endif %} | ||
{%- endcall %} | ||
{%- endmacro %} | ||
|
||
{#- Basic labels for a single router #} | ||
{%- macro router_tcp(domain_group, key, suffix, rule=none, service=none, middlewares=(), port=none) %} | ||
{%- if port %} | ||
traefik.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.port: {{ port }} | ||
{%- endif %} | ||
traefik.tcp.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.rule: | ||
{{ rule|default(domains_rule(domain_group), true) }} | ||
traefik.tcp.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.service: | ||
{{ key }}-{{ service|default("main", true) }} | ||
{%- if domain_group.entrypoints %} | ||
traefik.tcp.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.entrypoints: | ||
{{ domain_group.entrypoints|sort|join(", ") }} | ||
{%- endif %} | ||
{%- if middlewares %} | ||
traefik.tcp.routers.{{ key }}-{{ suffix }}-{{ domain_group.loop.index0 }}.middlewares: | ||
{{ key }}-{{ middlewares|sort|join(", %s-" % key) }} | ||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
{%- macro database(domain_groups_list, cidr_whitelist, key, port, project_name) %} | ||
{#- Service #} | ||
traefik.tcp.services.{{ key }}-database.loadbalancer.server.port: 5432 | ||
|
||
{%- if cidr_whitelist %} | ||
{#- Declare whitelist middleware #} | ||
? traefik.tcp.middlewares.{{ key }}-whitelist.IPWhiteList.sourceRange | ||
: {% for cidr in cidr_whitelist -%} | ||
{{ cidr }}{% if not loop.last %}, {% endif %} | ||
{%- endfor %} | ||
{%- endif %} | ||
|
||
{%- call(domain_group) macros.domains_loop_grouped(domain_groups_list) %} | ||
{#- Remember basic middlewares for this domain group #} | ||
{%- set _ns = namespace(basic_middlewares=[]) -%} | ||
{%- if cidr_whitelist %} | ||
{%- set _ns.basic_middlewares = _ns.basic_middlewares + ["whitelist"] %} | ||
{%- endif %} | ||
|
||
{#- database router #} | ||
{{- | ||
router_tcp( | ||
domain_group=domain_group, | ||
key=key, | ||
suffix="database", | ||
service="database", | ||
middlewares=_ns.basic_middlewares, | ||
port=port, | ||
) | ||
}} | ||
{%- endcall %} | ||
{%- endmacro %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
{%- import "_macros.jinja" as macros -%} | ||
|
||
{# Echo all path prefixes in a Traefik rule #} | ||
{%- macro path_prefix_rule(path_prefixes) -%} | ||
Path: | ||
{%- for path in path_prefixes %} | ||
{%- if path.endswith("/") %} | ||
{{- path }}{anything:.*} | ||
{%- else %} | ||
{{- path }},{{ path }}/{anything:.*} | ||
{%- endif %} | ||
{%- if not loop.last %},{% endif %} | ||
{%- endfor %} | ||
{%- endmacro %} | ||
|
||
{# Echo all domains of a group, in a Traefik rule #} | ||
{%- macro domains_rule(hosts, path_prefixes=()) -%} | ||
Host(`{{ hosts | join('`, `') }}`) | ||
{%- if path_prefixes -%} | ||
;{{ path_prefix_rule(path_prefixes) }} | ||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
{#- Basic labels for a single router #} | ||
{%- macro router(prefix, index0, rule, entrypoints=(), port=none) %} | ||
traefik.{{ prefix }}-{{ index0 }}.frontend.rule: {{ rule }} | ||
{%- if entrypoints %} | ||
traefik.{{ prefix }}-{{ index0 }}.frontend.entryPoints: | ||
{{ entrypoints|sort|join(",") }} | ||
{%- endif %} | ||
{%- if port %} | ||
traefik.{{ prefix }}-{{ index0 }}.port: {{ port }} | ||
{%- endif %} | ||
{%- endmacro %} | ||
|
||
{%- macro odoo(domain_groups_list, paths_without_crawlers, odoo_version) %} | ||
traefik.domain: {{ macros.first_main_domain(domain_groups_list)|tojson }} | ||
{%- call(domain_group) macros.domains_loop_grouped(domain_groups_list) %} | ||
|
||
{#- Route redirections #} | ||
{%- if domain_group.redirect_to %} | ||
traefik.alt-{{ domain_group.loop.index0 }}.frontend.redirect.regex: ^(.*)://([^/]+)/(.*)$$ | ||
traefik.alt-{{ domain_group.loop.index0 }}.frontend.redirect.replacement: $$1://{{ domain_group.redirect_to }}/$$3 | ||
{{- | ||
router( | ||
prefix="alt", | ||
index0=domain_group.loop.index0, | ||
rule=domains_rule(domain_group.hosts, domain_group.path_prefixes), | ||
entrypoints=domain_group.entrypoints, | ||
) | ||
}} | ||
{%- else %} | ||
|
||
{#- Forbidden crawler routers #} | ||
{%- if paths_without_crawlers and not domain_group.path_prefixes %} | ||
traefik.forbiddenCrawlers-{{ domain_group.loop.index0 }}.frontend.headers.customResponseHeaders: | ||
"X-Robots-Tag:noindex, nofollow" | ||
{{- | ||
router( | ||
prefix="forbiddenCrawlers", | ||
index0=domain_group.loop.index0, | ||
rule=domains_rule(domain_group.hosts, paths_without_crawlers), | ||
entrypoints=domain_group.entrypoints, | ||
) | ||
}} | ||
{%- endif %} | ||
|
||
{#- Normal routers #} | ||
{%- if paths_without_crawlers != ["/"] or domain_group.path_prefixes %} | ||
{{- | ||
router( | ||
prefix="main", | ||
index0=domain_group.loop.index0, | ||
rule=domains_rule(domain_group.hosts, domain_group.path_prefixes), | ||
entrypoints=domain_group.entrypoints, | ||
) | ||
}} | ||
{%- endif %} | ||
{%- if not domain_group.path_prefixes %} | ||
{%- set longpolling_route = "/longpolling/" if odoo_version < 16 else "/websocket" -%} | ||
{{- | ||
router( | ||
prefix="longpolling", | ||
index0=domain_group.loop.index0, | ||
rule=domains_rule(domain_group.hosts, [longpolling_route]), | ||
entrypoints=domain_group.entrypoints, | ||
port=8072, | ||
) | ||
}} | ||
{%- endif %} | ||
{%- endif %} | ||
{%- endcall %} | ||
{%- endmacro %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters