EventHubBack/docker/traefik/dynamic_conf.yml

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/traefik.crt
        keyFile: /etc/traefik/certs/traefik.key
  certificates:
    - certFile: /etc/traefik/certs/traefik.crt
      keyFile: /etc/traefik/certs/traefik.key

http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

    waf:
      plugin:
        coraza:
          directives:
#            - "SecRuleEngine DetectionOnly"
            - "SecRuleEngine On"
            - "SecDebugLog /dev/stdout"
            - "SecDebugLogLevel 2"
#            - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
            - "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""

  routers:
    # --- REST API пользователей ---
    api:
      rule: "Host(`api.eventhub.local`)"
      entryPoints: ["web"]
      middlewares: ["redirect-to-https", "waf"]
      service: "api"
    api-secure:
      rule: "Host(`api.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
      middlewares: ["waf"]
      service: "api"

    # --- WebSocket пользователей ---
    ws:
      rule: "Host(`ws.eventhub.local`)"
      entryPoints: ["web"]
      middlewares: ["redirect-to-https"]
      service: "ws"
    ws-secure:
      rule: "Host(`ws.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
      service: "ws"

    # --- Админский REST ---
    admin-api:
      rule: "Host(`admin.eventhub.local`)"
      entryPoints: ["web"]
      middlewares: ["redirect-to-https", "waf"]
      service: "admin-api"
    admin-api-secure:
      rule: "Host(`admin.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
      middlewares: ["waf"]
      service: "admin-api"

    # --- Админский WebSocket ---
    admin-ws:
      rule: "Host(`admin-ws.eventhub.local`)"
      entryPoints: ["web"]
      middlewares: ["redirect-to-https"]
      service: "admin-ws"
    admin-ws-secure:
      rule: "Host(`admin-ws.eventhub.local`)"
      entryPoints: ["websecure"]
      tls: true
      service: "admin-ws"

  services:
    # === Пользовательский REST API (failover) ===
    api:
      failover:
        service: api-live
        fallback: api-fallback
    api-live:
      loadbalancer:
        servers:
          - url: "http://eventhub-node1:8080"
          - url: "http://eventhub-node2:8080"
          - url: "http://eventhub-node3:8080"
        healthCheck:
          path: "/health"
          interval: "10s"
          timeout: "3s"
    api-fallback:
      loadbalancer:
        servers:
          - url: "http://fallback:80"

    # === WebSocket пользователей ===
    ws:
      loadbalancer:
        servers:
          - url: "http://eventhub-node1:8081"
          - url: "http://eventhub-node2:8081"
          - url: "http://eventhub-node3:8081"

    # === Админский REST (failover) ===
    admin-api:
      failover:
        service: admin-api-live
        fallback: admin-api-fallback
    admin-api-live:
      loadbalancer:
        servers:
          - url: "http://eventhub-node1:8445"
          - url: "http://eventhub-node2:8445"
          - url: "http://eventhub-node3:8445"
        healthCheck:
          path: "/health"
          interval: "10s"
          timeout: "3s"
    admin-api-fallback:
      loadbalancer:
        servers:
          - url: "http://fallback:80"

    # === Админский WebSocket ===
    admin-ws:
      loadbalancer:
        servers:
          - url: "http://eventhub-node1:8446"
          - url: "http://eventhub-node2:8446"
          - url: "http://eventhub-node3:8446"