Plugin Bouncer Middleware
Appears in
.Values.ingressMiddlewares.traefik.$name.data
pluginName
Define the pluginName
| Key | ingressMiddlewares.traefik.$name.data.pluginName |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | bouncer |
Example
ingressMiddlewares: traefik: middleware-name: data: pluginName: my-plugin-nameenabled
Define the enabled
| Key | ingressMiddlewares.traefik.$name.data.enabled |
| Type | bool |
| Required | ✅ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: enabled: truelogLevel
Define the logLevel
| Key | ingressMiddlewares.traefik.$name.data.logLevel |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: logLevel: DEBUGupdateIntervalSeconds
Define the updateIntervalSeconds
| Key | ingressMiddlewares.traefik.$name.data.updateIntervalSeconds |
| Type | int |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: updateIntervalSeconds: 60updateMaxFailure
Define the updateMaxFailure
| Key | ingressMiddlewares.traefik.$name.data.updateMaxFailure |
| Type | int |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: updateMaxFailure: 0defaultDecisionSeconds
Define the defaultDecisionSeconds
| Key | ingressMiddlewares.traefik.$name.data.defaultDecisionSeconds |
| Type | int |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: defaultDecisionSeconds: 60httpTimeoutSeconds
Define the httpTimeoutSeconds
| Key | ingressMiddlewares.traefik.$name.data.httpTimeoutSeconds |
| Type | int |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: httpTimeoutSeconds: 10crowdsecMode
Define the crowdsecMode
| Key | ingressMiddlewares.traefik.$name.data.crowdsec |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecMode: livecrowdsecAppsecEnabled
Define the crowdsecAppsecEnabled
| Key | ingressMiddlewares.traefik.$name.data.crowdsecAppsecEnabled |
| Type | bool |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecAppsecEnabled: falsecrowdsecAppsecHost
Define the crowdsecAppsecHost
| Key | ingressMiddlewares.traefik.$name.data.crowdsecAppsecHost |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecAppsecHost: crowdsec:7422crowdsecAppsecFailureBlock
Define the crowdsecAppsecFailureBlock
| Key | ingressMiddlewares.traefik.$name.data.crowdsecAppsecFailureBlock |
| Type | bool |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecAppsecFailureBlock: truecrowdsecAppsecUnreachableBlock
Define the crowdsecAppsecUnreachableBlock
| Key | ingressMiddlewares.traefik.$name.data.crowdsecAppsecUnreachableBlock |
| Type | bool |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecAppsecUnreachableBlock: truecrowdsecLapiKey
Define the crowdsecLapiKey
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiKey |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiKey: privateKey-foocrowdsecLapiHost
Define the crowdsecLapiHost
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiHost |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiHost: crowdsec:8080crowdsecLapiScheme
Define the crowdsecLapiScheme
| Key | ingressMiddlewares.traefik.$name.data.crowdsec |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiScheme: httpcrowdsecLapiTLSInsecureVerify
Define the crowdsecLapiTLSInsecureVerify
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiTLSInsecureVerify |
| Type | bool |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiTLSInsecureVerify: falsecrowdsecCapiMachineId
Define the crowdsecCapiMachineId
| Key | ingressMiddlewares.traefik.$name.data.crowdsecCapiMachineId |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecCapiMachineId: logincrowdsecCapiPassword
Define the crowdsecCapiPassword
| Key | ingressMiddlewares.traefik.$name.data.crowdsecCapiPassword |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecCapiPassword: passwordcrowdsecCapiScenarios
Define the crowdsecCapiScenarios
| Key | ingressMiddlewares.traefik.$name.data.crowdsecCapiScenarios |
| Type | list of string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecCapiScenarios: - crowdsecurity/http-path-traversal-probing - crowdsecurity/http-xss-probing - crowdsecurity/http-generic-bfforwardedHeadersTrustedIPs
Define the forwardedHeadersTrustedIPs
| Key | ingressMiddlewares.traefik.$name.data.forwardedHeadersTrustedIPs |
| Type | list of string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: forwardedHeadersTrustedIPs: - 10.0.10.23/32 - 10.0.20.0/24clientTrustedIPs
Define the clientTrustedIPs
| Key | ingressMiddlewares.traefik.$name.data.clientTrustedIPs |
| Type | list of string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: clientTrustedIPs: - 192.168.1.0/24forwardedHeadersCustomName
Define the forwardedHeadersCustomName
| Key | ingressMiddlewares.traefik.$name.data.forwardedHeadersCustomName |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: forwardedHeadersCustomName: X-Custom-HeaderremediationHeadersCustomName
Define the remediationHeadersCustomName
| Key | ingressMiddlewares.traefik.$name.data.remediationHeadersCustomName |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: remediationHeadersCustomName: cs-remediationredisCacheEnabled
Define the redisCacheEnabled
| Key | ingressMiddlewares.traefik.$name.data.redisCacheEnabled |
| Type | bool |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: redisCacheEnabled: falseredisCacheHost
Define the redisCacheHost
| Key | ingressMiddlewares.traefik.$name.data.redisCacheHost |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: redisCacheHost: "redis:6379"redisCachePassword
Define the redisCachePassword
| Key | ingressMiddlewares.traefik.$name.data.redisCachePassword |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: redisCachePassword: passwordredisCacheDatabase
Define the redisCacheDatabase
| Key | ingressMiddlewares.traefik.$name.data.redisCacheDatabase |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: redisCacheDatabase: "5"crowdsecLapiTLSCertificateAuthority
Define the crowdsecLapiTLSCertificateAuthority
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiTLSCertificateAuthority |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiTLSCertificateAuthority: |- -----BEGIN CERTIFICATE----- MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT ... Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT -----END CERTIFICATE-----crowdsecLapiTLSCertificateBouncer
Define the crowdsecLapiTLSCertificateBouncer
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiTLSCertificateBouncer |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiTLSCertificateBouncer: |- -----BEGIN CERTIFICATE----- MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL ... RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz N2U= -----END CERTIFICATE-----crowdsecLapiTLSCertificateBouncerKey
Define the crowdsecLapiTLSCertificateBouncerKey
| Key | ingressMiddlewares.traefik.$name.data.crowdsecLapiTLSCertificateBouncerKey |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: crowdsecLapiTLSCertificateBouncerKey: |- -----BEGIN TOTALY NOT A SECRET----- MIIEogIBAAKCAQEAtYQnbJqifH+ZymePylDxGGLIuxzcAUU4/ajNj+qRAdI/Ux3d ... ic5cDRo6/VD3CS3MYzyBcibaGaV34nr0G/pI+KEqkYChzk/PZRA= -----END TOTALY NOT A SECRET-----captchaProvider
Define the captchaProvider
| Key | ingressMiddlewares.traefik.$name.data.captchaProvider |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: captchaProvider: hcaptchacaptchaSiteKey
Define the captchaSiteKey
| Key | ingressMiddlewares.traefik.$name.data.captchaSiteKey |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: captchaSiteKey: FIXMEcaptchaSecretKey
Define the captchaSecretKey
| Key | ingressMiddlewares.traefik.$name.data.captchaSecretKey |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: captchaSecretKey: FIXMEcaptchaGracePeriodSeconds
Define the captchaGracePeriodSeconds
| Key | ingressMiddlewares.traefik.$name.data.captchaGracePeriodSeconds |
| Type | int |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: captchaGracePeriodSeconds: 1800captchaHTMLFilePath
Define the captchaHTMLFilePath
| Key | ingressMiddlewares.traefik.$name.data.captchaHTMLFilePath |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: captchaHTMLFilePath: /captcha.htmlbanHTMLFilePath
Define the banHTMLFilePath
| Key | ingressMiddlewares.traefik.$name.data.banHTMLFilePath |
| Type | string |
| Required | ❌ |
Helm tpl | ❌ |
| Default | - |
Example
ingressMiddlewares: traefik: middleware-name: data: banHTMLFilePath: /ban.htmlFull Examples
ingressMiddlewares: traefik: middleware-name: enabled: true type: plugin-bouncer data: enabled: true logLevel: DEBUG updateIntervalSeconds: 60 updateMaxFailure: 0 defaultDecisionSeconds: 60 httpTimeoutSeconds: 10 crowdsecMode: live crowdsecAppsecEnabled: false crowdsecAppsecHost: crowdsec:7422 crowdsecAppsecFailureBlock: true crowdsecAppsecUnreachableBlock: true crowdsecLapiKey: privateKey-foo crowdsecLapiHost: crowdsec:8080 crowdsecLapiScheme: http crowdsecLapiTLSInsecureVerify: false crowdsecCapiMachineId: login crowdsecCapiPassword: password crowdsecCapiScenarios: - crowdsecurity/http-path-traversal-probing - crowdsecurity/http-xss-probing - crowdsecurity/http-generic-bf forwardedHeadersTrustedIPs: - 10.0.10.23/32 - 10.0.20.0/24 clientTrustedIPs: - 192.168.1.0/24 forwardedHeadersCustomName: X-Custom-Header remediationHeadersCustomName: cs-remediation redisCacheEnabled: false redisCacheHost: "redis:6379" redisCachePassword: password redisCacheDatabase: "5" crowdsecLapiTLSCertificateAuthority: |- -----BEGIN TOTALY NOT A CERT----- MIIEBzCCAu+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT ... Q0veeNzBQXg1f/JxfeA39IDIX1kiCf71tGlT -----END TOTALY NOT A CERT----- crowdsecLapiTLSCertificateBouncer: |- -----BEGIN TOTALY NOT A CERT----- MIIEHjCCAwagAwIBAgIUOBTs1eqkaAUcPplztUr2xRapvNAwDQYJKoZIhvcNAQEL ... RaXAnYYUVRblS1jmePemh388hFxbmrpG2pITx8B5FMULqHoj11o2Rl0gSV6tHIHz N2U= -----END TOTALY NOT A CERT----- captchaProvider: hcaptcha captchaSiteKey: FIXME captchaSecretKey: FIXME captchaGracePeriodSeconds: 1800 captchaHTMLFilePath: /captcha.html banHTMLFilePath: /ban.html