gbanyan/GB-Traefik
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Cloudflare plugin middleware

Browse Source
This commit is contained in:
Gbanyan
2025-11-12 11:32:19 +08:00
parent 7144699a77
commit c9039feeab
3 changed files with 6 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -48,13 +48,13 @@ label:
- "traefik.http.routers.service-name.entrypoints=websecure" - "traefik.http.routers.service-name.entrypoints=websecure"
``` ```
Besides the entrypoint setup, I add cloudflare proxy (for exposing real ip to access.log for crowdsec to read), crowdsec-firewall-bouncer, compression with brotli middlrewares method in traefik.yml and dynamic.yml Besides the entrypoint setup, I add CrowdSec firewall bouncer plus a compression middleware (brotli/gzip/zstd) defined in `dynamic.yml`. Cloudflares IP ranges are injected directly into `traefik.yml` by a helper script, so no extra plugin middleware is required anymore.
Adding middlewares is also guided by labels: Adding middlewares is also guided by labels:
```yaml ```yaml
label: label:
- "traefik.http.routers.service-name.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file" - "traefik.http.routers.service-name.middlewares=crowdsec@file,compress-middleware@file"
``` ```
The order of middlewares is meaningful. The order of middlewares is meaningful.
@@ -73,7 +73,7 @@ labels:
- "traefik.http.routers.ghost.rule=Host(`blog.gbanyan.net`)" - "traefik.http.routers.ghost.rule=Host(`blog.gbanyan.net`)"
- "traefik.http.services.ghost.loadbalancer.server.port=2368" - "traefik.http.services.ghost.loadbalancer.server.port=2368"
- "traefik.http.routers.ghost.tls.certresolver=letsencrypt" - "traefik.http.routers.ghost.tls.certresolver=letsencrypt"
- "traefik.http.routers.ghost.middlewares=cloudflarewarp@file,crowdsec@file,compress-middleware@file" - "traefik.http.routers.ghost.middlewares=crowdsec@file,compress-middleware@file"
- "com.centurylinklabs.watchtower.enable=true" - "com.centurylinklabs.watchtower.enable=true"
- "traefik.docker.network=traefik_default" - "traefik.docker.network=traefik_default"
``` ```
@@ -91,6 +91,6 @@ PS: Because I access my traefik dashboard through my local network. I commented
2. ChangeLog: 2. ChangeLog:
- 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision. - 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.
- 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it. - 2025.4.21 Fix the trusted IP settings; later replaced by an internal updater instead of the traefik-plugin-cloudflare.
- 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main) - 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
- 2025.4.18 Temp disable the compression middleware. It has MIME type bugs. - 2025.4.18 Temp disable the compression middleware. It has MIME type bugs.

8
dynamic.yml
View File

@@ -4,12 +4,6 @@ http:
headers: headers:
customRequestHeaders: customRequestHeaders:
Host: "" # This will catch requests with no Host header or invalid ones Host: "" # This will catch requests with no Host header or invalid ones
cloudflarewarp:
plugin:
cloudflare:
trustedCIDRs: []
overwriteRequestHeader: true
debug: false
crowdsec: crowdsec:
plugin: plugin:
bouncer: bouncer:
@@ -51,4 +45,4 @@ http:
qbit: qbit:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://192.168.50.4:8083" - url: "http://192.168.50.4:8083"

3
traefik.yml
View File

@@ -129,9 +129,6 @@ metrics:
experimental: experimental:
plugins: plugins:
cloudflare:
moduleName: github.com/agence-gaya/traefik-plugin-cloudflare
version: v1.2.0
bouncer: bouncer:
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
version: v1.4.2 version: v1.4.2