Skip to main content

Simple Setup

This guide covers setting up the ELLIO Traefik Middleware Plugin on a standalone Traefik deployment. This is the most common setup for production environments where Traefik runs as the primary reverse proxy.

Prerequisites

  • Docker and Docker Compose (recommended) or standalone Traefik installation
  • Bootstrap token from your custom EDL configured for "Traefik Middleware"

Step 1: Configure Traefik

Configure Traefik to load the ELLIO plugin and create middleware instances.

Static Configuration

# traefik.yml
api:
  dashboard: true
  insecure: true  # Set to false in production

entryPoints:
  web:
    address: :80
  websecure:
    address: :443

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true

# ELLIO Plugin Configuration
experimental:
  plugins:
    ellio:
      moduleName: github.com/ELLIO-Technology/ELLIO-Traefik-Middleware-Plugin
      version: v1.0.1

log:
  level: INFO

accessLog: {}

Dynamic Configuration

dynamic.yml
http:
  middlewares:
    # ELLIO EDL Middleware
    ellio-edl:
      plugin:
        ellio:
          bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN"
          logLevel: "info"
          ipStrategy: "direct"  # Change based on your setup


  routers:
    # Protected application
    protected-app:
      rule: "Host(`app.example.com`)"
      service: my-app
      middlewares:
        - ellio-edl
      entryPoints:
        - web

    # Dashboard (secure in production)
    api:
      rule: "Host(`traefik.example.com`)"
      service: api@internal
      entryPoints:
        - web

  services:
    my-app:
      loadBalancer:
        servers:
          - url: "http://192.168.1.100:8080"

Step 2: Deploy with Docker Compose

Docker Compose Examples

docker-compose.yml
version: '3.8'

services:
  traefik:
    image: traefik:v3.2
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"  # Dashboard - secure in production
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
    environment:
    networks:
      - web

  # Example backend service
  whoami:
    image: traefik/whoami
    container_name: whoami
    networks:
      - web
    labels:
      - "traefik.enable=false"  # Using file provider

networks:
  web:
    driver: bridge

Start Your Services

# Start services
docker-compose up -d

# View logs
docker-compose logs -f traefik

Step 3: Test Your Setup

Verify Plugin Loading

# Check Traefik logs for ELLIO plugin initialization
docker logs traefik 2>&1 | grep -i ellio

# Should show messages like:
# Initializing ELLIO middleware for deployment: YOUR_DEPLOYMENT_ID

Once the plugin is active, blocked requests will appear in your ELLIO platform dashboard:

ELLIO Platform Logs Monitor blocked requests in real-time through the ELLIO platform

Test Access Control

# 1. Add your current IP to blocklist in ELLIO platform
# 2. Wait for EDL refresh (check your EDL update frequency)

# Test from blocked IP (should get 403)
curl -H "Host: app.example.com" http://localhost/
# Expected: 403 Forbidden

# Test from different IP or remove from blocklist
# Expected: Normal response

Configuration Options

IP Strategy Selection

Choose the appropriate IP extraction strategy for your setup:

# Use when Traefik receives direct client connections
middlewares:
  ellio-edl:
    plugin:
      ellio:
        bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN"
        ipStrategy: "direct"

Next Steps