0

In the end, after a LOT of time spent on configuration, I’m out of ideas. Something that’s supposed to be quite simple is becoming rather complicated. Hopefully, someone else can help me find the solution.

I’m trying to run a container with Traefik. Instead of putting all the configuration in the container's docker-compose file (docker-compose.yml), as many people do, I’m placing the configuration in a dedicated file (traefik.yml) since that’s more flexible for me.

I have the following docker-compose.yml file for Traefik:

version: "3.8" services: traefik: image: traefik:latest hostname: traefik container_name: traefik restart: unless-stopped command: - "--configFile=/traefik.yml" networks: - traefik_gw_bridge ports: - 80:80 - 443:443 - 8080:8080 volumes: - ./traefik.yml:/traefik.yml - logs:/logs - letsencrypt:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro healthcheck: test: ["CMD", "traefik", "healthcheck", "--ping"] interval: 10s timeout: 6s retries: 2 start_period: 5s networks: traefik_gw_bridge: driver: bridge external: true volumes: letsencrypt: logs:

And these are the configuration parameters I am using for traefik.yml:

api: dashboard: true insecure: false ping: entryPoint: web providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false entryPoints: web: address: ":80" websecure: address: ":443" traefik: address: ":8080" http: routers: dashboard: rule: "Host(`traefikdash.mydomain.com`)" entryPoints: - traefik service: api@internal middlewares: - auth middlewares: auth: basicAuth: users: - "admin:$apr1$Nzj4xQwY$QiXQ/eYHzKTFS.Lx.6XG71" log: filePath: "/logs/traefik.log" format: json level: DEBUG accessLog: filePath: "/logs/access.log" bufferingSize: 150 certificatesResolvers: le: acme: email: "[email protected]" storage: "/letsencrypt/acme.json" httpChallenge: entryPoint: "web"

Logically, in the following part of the configuration file, I am trying to define a router to set up basic authentication with a username and password for the Dashboard:

http: routers: dashboard: rule: "Host(`traefikdash.mydomain.com`)" # Reemplaza `yourdomain.com` con tu dominio entryPoints: - traefik service: api@internal middlewares: - auth middlewares: auth: basicAuth: users: - "admin:$apr1$Nzj4xQwY$QiXQ/eYHzKTFS.Lx.6XG71"

I am unable to get the result I want. When I access traefikdash.mydomain.com or traefikdash.mydomain.com:8080 or traefikdash.mydomain.com:8080/dashboard / traefikdash.mydomain.com/dashboard, I simply get the following responses from Traefik and my browser:

  • HTTP 404 Page not found
  • Error connection refused

After trying various types of configurations, I simply can't find much more information on how to implement HTTP basic auth to access the Traefik Dashboard.

Improve this question

1 Answer 1

Reset to default
0

Finally, I found the solution.

The Traefik documentation isn't bad, but sometimes it isn't very specific either, and I needed to rely on the StackOverflow community to find the answer definitively.

Traefik handles dedicated configurations (configuration files) in different ways.

  • Static configuration of Traefik = traefik.yml
  • Dynamic configuration of Traefik = config.yml

The dynamic configuration is basically the configuration of routers and middlewares provided to each provider, in my case, Static File Configuration.

So, finally, from traefik.yml, you need to reference a dynamic configuration file where you can implement HTTP Basic Auth, as follows:

  • traefik.yml:
 api: dashboard: true insecure: false ping: entryPoint: web providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false file: filename: /config.yml watch: true entryPoints: web: address: ":80" websecure: address: ":443" traefik: address: ":8080" log: filePath: "/logs/traefik.log" format: json level: DEBUG accessLog: filePath: "/logs/access.log" bufferingSize: 150 certificatesResolvers: le: acme: email: "[email protected]" storage: "/letsencrypt/acme.json" httpChallenge: entryPoint: "web"
  • config.yml:
 http: routers: dashboard: rule: "Host(`yourdomain.domain.com`)" entryPoints: - traefik service: api@internal middlewares: - auth middlewares: auth: basicAuth: users: - "user:password"

In this way, when I accessed my URL domain, e.g., yourdomain.domain.com:8080, it correctly prompted me for user authentication.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.