Hi
I try to run traefik (using docker & swarm) and protect the dashboard using a basic auth http like this:
traefik:
image: traefik:v1.7
deploy:
# ...
labels:
- traefik.frontend.rule=Host:foo.bar.baz
- traefik.enable=true
- traefik.port=8080
- traefik.redirectorservice.frontend.entryPoints=http
- traefik.redirectorservice.frontend.redirect.entryPoint=https
- traefik.webservice.frontend.entryPoints=https
- traefik.frontend.auth.basic.users=user:password
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: >
--docker
--docker.swarmmode
--docker.watch
--docker.exposedbydefault=false
--constraints=tag==traefik-public
--entrypoints='Name:http Address::80'
--entrypoints='Name:https Address::443 TLS'
--consul
--consul.endpoint="consul-leader:8500"
--acme
--acme.email=acme.foo@bar.baz
--acme.storage="traefik/acme/account"
--acme.entryPoint=https
--acme.httpChallenge.entryPoint=http
--acme.onhostrule=true
--acme.acmelogging=true
--logLevel=INFO
--accessLog
--api
--api.statistics.recenterrors=25
It work great, but when I am on HEALTH (on foo.bar.baz/dashboard/status) I see thoses 401 (from Traefik himself):
Any idea how to fix this properly ?
Thanks
PS: I follow this guide
PS2: also on stackoverflow
This is probably not very helpful on it's own but it might help get the question answered:
First, you should not mix command line configuration and traefik.toml configuration. It does not appear, that you define the entrypoints on your command line, but you used them in your labels. If they come from toml, then you need to review that.
If they come from the ellipsis on docker command line, then you should probably put them in your question, it will help people who are willing to try and reproduce what you are seeing to do just that.
Secondly, without trying what you are observing intuitively, this is something that browsers support out of the box: that is if you use basic auth and you authenticated, then all XMLHttpRequest
's against the same domain by default will use the cached credentials, so result that you are getting is quite surprising. What browser are you using?
To narrow it down you might also want to try it without swarm, not that it's likely that swarm is the culprit, it's just easier for other people to run your configuration on vanilla docker, if they want to try.
Finally, providing complete minimal configuration my help for the same reason, so that it would be possible to reproduce.
I did not try running yours because I do not have swarm configured, but I'd happily run a self-contained docker-compose.yaml
if you have one to try and see if I'm getting the same output.
First, you should not mix command line configuration and traefik.toml configuration. It does not appear, that you define the entrypoints on your command line, but you used them in your labels. If they come from toml, then you need to review that.
For the information, I follow this setup: Traefik Proxy with HTTPS - Docker Swarm Rocks
I'm not a pro but I guess it's because I want to have entrypoints using docker labels. I don't want to maintain a toml file.
Secondly, without trying what you are observing intuitively, this is something that browsers support out of the box: that is if you use basic auth and you authenticated, then all XMLHttpRequest
's against the same domain by default will use the cached credentials, so result that you are getting is quite surprising. What browser are you using?
I'm on Firefox, but I have the same issue on Chrome & Brave.
What's strange is that in my network tab, all response status code are 200.
https://streamable.com/k5ssp
(click here for watch a short video)
To narrow it down you might also want to try it without swarm, not that it's likely that swarm is the culprit, it's just easier for other people to run your configuration on vanilla docker, if they want to try.
I will try to do it.