Skip to content
/ traefik-plugin-shellexec Public
generated from traefik/plugindemo

A Traefik plugin to execute shell scripts on Traefik host (Security Risk)

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tomMoulard/traefik-plugin-shellexec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

.github/workflows

.github/workflows

 
 

.gitignore

.gitignore

 
 

.golangci.toml

.golangci.toml

 
 

.traefik.yml

.traefik.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

shellexec.go

shellexec.go

 
 

shellexec_test.go

shellexec_test.go

 
 

Repository files navigation

traefik-plugin-shellexec

Build Status

WIP

This plugin is not currently possible since Yaegi does not support yet the os/exec package.

This is a plugin for Traefik which terminates a connection by executing a shell script.

Usage

Configuration

For now, there is no configuration required.

Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the http.middlewares section:

# Dynamic configuration

http:
  routers:
    my-router:
      rule: host(`demo.localhost`)
      service: service-foo
      entryPoints:
        - web
      middlewares:
        - traefik-plugin-shellexec

  services:
   service-foo:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:5000

  middlewares:
    traefik-plugin-shellexec:
      plugin:
        traefik-plugin-shellexec:
          enabled: true

Running

Once you have a running instance of this plugin, you can call the middleware with a POST request. Arguments on how to run commands on the host are provided using the body of the request.

The body can look like:

{
  "command": "cat -",
  "stdin": "test"
}

The equivalent of this request is: echo "test" | cat -.

The output of this request will result in:

{
  "return_code": "0",
  "stderr": "",
  "stdout": "test"
}

Dev Mode

Traefik also offers a developer mode that can be used for temporary testing of plugins not hosted on GitHub. To use a plugin in dev mode, the Traefik static configuration must define the module name (as is usual for Go packages) and a path to a Go workspace, which can be the local GOPATH or any directory.

# Static configuration
pilot:
  token: xxxxx

experimental:
  devPlugin:
    goPath: /plugins/go
    moduleName: github.com/tommoulard/traefik-plugin-shellexec

(In the above example, the shellexec plugin will be loaded from the path /plugins/go/src/github.com/tommoulard/traefik-plugin-shellexec.)

Dev Mode Limitations

Note that only one plugin can be tested in dev mode at a time, and when using dev mode, Traefik will shut down after 30 minutes.

TODO

  • Support more than POST requests
    • Query params
    • Headers
  • add more data to response
    • Time spent doing the command (can use time for now)
    • pid of the process (can use $! for now)
    • env (can use env for now)

About

A Traefik plugin to execute shell scripts on Traefik host (Security Risk)

Topics

traefik security-risk traefik-plugin

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Sponsor this project

  •  
Learn more about GitHub Sponsors

Languages