分享:禁用 swagger ui, actuator 等,防止暴露相关信息
K8S Traefik Ingress
为了提升所谓的安全性
创建一个 Middleware
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: block-swagger
namespace: line-database
spec:
replacePathRegex:
regex: ^/(swagger-ui/|swagger-ui\.html|v3/api-docs|actuator)(.*)$
replacement: /traefik-blocked应用到 Ingress 的 annotations
traefik.ingress.kubernetes.io/router.middlewares: line-database-block-swagger@kubernetescrd独立部署 Nginx
http {
server {
location ~ ^/(swagger-ui/|swagger-ui\.html|v3/api-docs|actuator)(/.*)?$ {
return 403; # Return 403 Forbidden
# Alternatively, use `return 404;` for Not Found
}
...
}
}