I am currently running an `nginx` server in front of a number of `minio` servers. Each `minio` server runs on its own port on localhost for a single user and `nginx` is used for SSL termination and forwarding to that internal process. The `nginx` config looks like this:
```nginx
server {
    listen 9000 ssl;
    root /opt/local/share/nginx/foo.rna.nl;
    server_name foo.rna.nl;
    ssl_certificate /opt/local/etc/letsencrypt/live/foo.rna.nl/fullchain.pem;
    ssl_certificate_key /opt/local/etc/letsencrypt/live/foo.rna.nl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    proxy_buffering off;
    client_max_body_size 1000m;
    ignore_invalid_headers off;
    error_log /opt/local/var/log/nginx/minio_error.log info;
    access_log /opt/local/var/log/nginx/minio_access.log;
    location / {
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_connect_timeout 300;
        if ($http_authorization ~* "^AWS(4-HMAC-SHA256 Credential=| )XXXXXXXXXXXXXXXXXXXX") {
            proxy_pass http://127.0.0.1:9002;
        }
        if ($http_authorization ~* "^AWS(4-HMAC-SHA256 Credential=| )YYYYYYYYYYYYYYYYYYYY") {
            proxy_pass http://127.0.0.1:9003;
        }
    }
}
```
I am trying (and failing) to find out how to turn this into:

- A `traefik` container based on a docker compose file (this I already have running, with a minimal web site as one service behind it)
- A number of `minio` containers, each with its own data directory, on an 'internal' network inside docker

I will be able to set up those `minio` containers, but what I haven't been able to find out is how to replicate the SSL termination and forwarding that I have in `nginx`, based on the authentication that a user provides to `minio`, in `traefik`.

Can someone point me in the right direction? How do I do what is in this `nginx` config (based on `nginx`'s `$http_authorization` variable) in `traefik`?
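
One way to express the same header-based dispatch in a compose file, as an added example that is not part of the original post: it assumes Traefik v3, whose `HeaderRegexp` rule matcher plays the role of the `$http_authorization` test (Traefik v2 spells it `HeadersRegexp`). The service names, image tags, host paths and the `minio` entrypoint name are assumptions, and certificate configuration is left to the existing Traefik setup.

```yaml
# Added example: service names, image tags, paths and entrypoint name are assumptions.
services:
  traefik:
    image: traefik:v3.0
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.minio.address=:9000
    ports:
      - "9000:9000"               # the only published port; TLS terminates here
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks: [internal]

  minio-x:                        # no "ports:" entry, reachable only through Traefik
    image: minio/minio
    command: server /data
    volumes:
      - ./data-x:/data
    networks: [internal]
    labels:
      - traefik.enable=true
      - traefik.http.routers.minio-x.entrypoints=minio
      - traefik.http.routers.minio-x.tls=true
      # Same pattern as the nginx "if", but case-sensitive (nginx "~*" is not).
      - "traefik.http.routers.minio-x.rule=Host(`foo.rna.nl`) && HeaderRegexp(`Authorization`, `^AWS(4-HMAC-SHA256 Credential=| )XXXXXXXXXXXXXXXXXXXX`)"
      - traefik.http.services.minio-x.loadbalancer.server.port=9000

  minio-y:
    image: minio/minio
    command: server /data
    volumes:
      - ./data-y:/data
    networks: [internal]
    labels:
      - traefik.enable=true
      - traefik.http.routers.minio-y.entrypoints=minio
      - traefik.http.routers.minio-y.tls=true
      - "traefik.http.routers.minio-y.rule=Host(`foo.rna.nl`) && HeaderRegexp(`Authorization`, `^AWS(4-HMAC-SHA256 Credential=| )YYYYYYYYYYYYYYYYYYYY`)"
      - traefik.http.services.minio-y.loadbalancer.server.port=9000

networks:
  internal: {}
```

The header match only selects a backend; each MinIO instance still verifies the request signature itself. Requests without a matching `Authorization` header, including presigned URLs that carry the access key in the query string, match neither router and Traefik answers 404.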