EventHub/EventHubBack
1
1
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62bc62f990eea686ef99b16506ee444d71a30cef
EventHubBack/docker/traefik/dynamic_conf.yml

165 lines
4.7 KiB
YAML
Raw Blame History

tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certs/traefik.crt
keyFile: /etc/traefik/certs/traefik.key
certificates:
- certFile: /etc/traefik/certs/traefik.crt
keyFile: /etc/traefik/certs/traefik.key
http:
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: true
waf:
plugin:
coraza:
directives:
# - "SecRuleEngine DetectionOnly" # можно раскомментировать для тестирования
- "SecRuleEngine On"
- "SecDebugLog /dev/stdout"
- "SecDebugLogLevel 2"
# - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
- "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""
api-ratelimit:
rateLimit:
average: 100
period: 1m
burst: 50
admin-ratelimit:
rateLimit:
average: 20
period: 1m
burst: 5
routers:
# --- REST API пользователей ---
api:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https", "api-ratelimit", "waf"]
service: "api"
api-secure:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["api-ratelimit", "waf"]
service: "api"
# --- WebSocket пользователей (без WAF) ---
ws:
rule: "Host(`ws.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "ws"
ws-secure:
rule: "Host(`ws.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
service: "ws"
# --- Админ-панель (SPA) ---
admin-ui:
rule: "Host(`admin.eventhub.local`) && !PathPrefix(`/api/`) && !PathPrefix(`/ws/`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "admin-ui-service"
admin-ui-secure:
rule: "Host(`admin.eventhub.local`) && !PathPrefix(`/api/`) && !PathPrefix(`/ws/`)"
entryPoints: ["websecure"]
tls: true
service: "admin-ui-service"
# --- Проксирование /api/ на админский REST ---
admin-api-proxy:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/api/`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https", "admin-ratelimit", "waf"]
service: "admin-api"
admin-api-proxy-secure:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/api/`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["admin-ratelimit", "waf"]
service: "admin-api"
# --- Проксирование /ws/ на админский WebSocket ---
admin-ws-proxy:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/ws/`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
service: "admin-ws"
admin-ws-proxy-secure:
rule: "Host(`admin.eventhub.local`) && PathPrefix(`/ws/`)"
entryPoints: ["websecure"]
tls: true
service: "admin-ws"
services:
# --- Пользовательский REST API (failover) ---
api:
failover:
service: api-live
fallback: api-fallback
api-live:
loadbalancer:
servers:
- url: "http://eventhub-node1:8080"
- url: "http://eventhub-node2:8080"
- url: "http://eventhub-node3:8080"
healthCheck:
path: "/health"
interval: "10s"
timeout: "3s"
api-fallback:
loadbalancer:
servers:
- url: "http://fallback:80"
# --- Пользовательский WebSocket ---
ws:
loadbalancer:
servers:
- url: "http://eventhub-node1:8081"
- url: "http://eventhub-node2:8081"
- url: "http://eventhub-node3:8081"
# --- Админский REST (failover) ---
admin-api:
failover:
service: admin-api-live
fallback: admin-api-fallback
admin-api-live:
loadbalancer:
servers:
- url: "http://eventhub-node1:8445"
- url: "http://eventhub-node2:8445"
- url: "http://eventhub-node3:8445"
healthCheck:
path: "/health"
interval: "10s"
timeout: "3s"
admin-api-fallback:
loadbalancer:
servers:
- url: "http://fallback:80"
# --- Админский WebSocket ---
admin-ws:
loadbalancer:
servers:
- url: "http://eventhub-node1:8446"
- url: "http://eventhub-node2:8446"
- url: "http://eventhub-node3:8446"
# --- SPA (админ‑панель) ---
admin-ui-service:
loadbalancer:
servers:
- url: "http://admin-ui:80"
Reference in New Issue View Git Blame Copy Permalink