Hello, I am trying to set up traefik with aws ECS, I was able to get the dashboard working with insecure mode but I have been unsuccessful when attempting to lock down the dashboard with the basic auth middleware. Below is my ECS task definition:
TraefikTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
ContainerDefinitions:
- Command:
- "--providers.ecs.autoDiscoverClusters=true"
- "--providers.ecs.exposedByDefault=true"
- "--providers.ecs.healthyTasksOnly=true"
- "--providers.ecs.refreshSeconds=15"
- "--ping=true"
- "--api=true"
- "--api.dashboard=true"
- "--api.debug=true"
- "--accesslog=true"
- "--accesslog.addinternals"
- "--accesslog.format=json"
- "--log.level=DEBUG"
Cpu: 1024
Essential: True
Image: "public.ecr.aws/docker/library/traefik:v3.1.2"
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref TraefikLogGroup
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: traefik-proxy-logs
Name: traefik-proxy
MountPoints:
- ContainerPath: /var/run/docker.sock
SourceVolume: docker-sock
PortMappings:
- ContainerPort: 8080
HostPort: 0
Protocol: tcp
DockerLabels:
# Router for API and Dashboard
"traefik.http.routers.dashboard.rule" : "Host(`my-host-name`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
"traefik.http.routers.dashboard.service": "api@internal"
"traefik.http.routers.dashboard.middlewares": "auth"
"traefik.http.middlewares.auth.basicauth.users": "user:password"
ExecutionRoleArn:
Fn::GetAtt: [ECSExecutionRole, Arn]
Memory: 1000
TaskRoleArn:
Fn::GetAtt: ECSTaskRole.Arn
Volumes:
- Host:
SourcePath: /var/run/docker.sock
Name: docker-sock
when i navigate to my-hostname.com/dashboard/ I get a generic 404 message and a log message that indicates the traffic is using the traefik entrypoint (i've omitted the rest of the log):
"entryPointName":"traefik"
I followed the docs here: Traefik Dashboard Documentation - Traefik
I should also mention that I have this service behind an ALB that does redirection from port 80 to port 443 with valid ssl certificates
anyone have an idea as to what I could be doing wrong here?