Hi,
in Ningx i use proxy_set_header Authorization "Basic hash...";
for automatically connect to a service and I would like to know how to do it with Traefik because I cannot find it and I find that the documentation is not very clear on this subject.
Thanks
cakiwi
October 21, 2021, 9:50pm
2
I have already try with that : traefik.http.middlewares.testHeader.headers.customrequestheaders.authorization=NhZGdsfDFSGSDF"
but doesn't work
kevdog
October 22, 2021, 8:58pm
4
Take a look at this plugin:GitHub - adyanth/header-transform: Traefik plugin on header transformations
It's kind of unclear how to use the plugin however if you take a look at these two sources it might help:
opened 12:57AM - 23 Sep 21 UTC
It might help to add a non-dev configuration to the docs/README?
I know it's … still pretty experimental, but Traefik v2.5 supports local plugins now (it's really hard to find documentation on it though):
* https://github.com/traefik/traefik/pull/8224
* https://traefik.io/blog/using-private-plugins-in-traefik-proxy-2-5/
You can then mount this into the Traefik container with `docker-compose` like so:
(static configuration)
```yaml
command:
# This will be search for in /plugins-local/src/github.com/adyanth/header-transform
- "--experimental.localPlugins.header-transform.moduleName=github.com/adyanth/header-transform"
- "--providers.file.filename=/htransform-rules.yaml"
```
\+
```yaml
http:
middlewares:
header-transform:
plugin:
# Plugin name here is the part after `experimental.localPlugins`
header-transform:
Rules:
- Rule:
Name: 'X-Client-Port Set'
Header: 'X-Client-Port'
Value: '^X-Forwarded-Port'
HeaderPrefix: "^"
Type: 'Set'
- Rule:
Name: 'X-SSL-Cert Set'
Header: 'X-SSL-Cert'
Value: '^X-Forwarded-Tls-Client-Cert'
HeaderPrefix: "^"
Type: 'Set'
```
and
```yaml
volumes:
- "./traefik/htransform-rules.yaml:/htransform-rules.yaml"
- "./traefik/header-transform:/plugins-local/src/github.com/adyanth/header-transform"
```
Then you can simply add it to the middleware list for any http router as `header-transform@file`
and here is an example from another project that uses this plugin to change some things:
syncthing:main
← Cobertos:patch-1
opened 04:25AM - 24 Sep 21 UTC
Traefik's setup was convoluted, especially for rewriting headers to get `X-Clien… t-Port`. That's why I broke it up in the docs by header
and
syncthing:main
← Cobertos:patch-1
opened 04:25AM - 24 Sep 21 UTC
Traefik's setup was convoluted, especially for rewriting headers to get `X-Clien… t-Port`. That's why I broke it up in the docs by header
Hopefully those links will get you started. You can write/set/change headers.
Thanks for the plugin but the documentation ... so impossible to make it work
Hello @JamesAdams and thanks for your interest in Traefik!
@cakiwi is right using the Headers middleware should work. Maybe this is not working because you missed adding the authorization scheme to the header (see Authorization - HTTP | MDN ).
The middleware configuration should look like the following:
"traefik.http.middlewares.testHeader.headers.customrequestheaders.authorization=Basic NhZGdsfDFSGSDF"
Here is a working docker-compose example. Traefik adds the Authorization
header to the request forwarded to the whoami
backend (which only echo the received HTTP headers).
version: "3.9"
services:
traefik:
image: traefik:v2.5
command:
- --api.insecure
- --log.level=debug
- --providers.docker.exposedByDefault=false
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
ports:
- "8080:8080"
- "80:80"
whoami:
image: traefik/whoami
labels:
- traefik.enable=true
- traefik.http.routers.whoami.entrypoints=http
- traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
- traefik.http.routers.whoami.middlewares=add-auth-header
- "traefik.http.middlewares.add-auth-header.headers.customrequestheaders.authorization=Basic dXNlcjpwYXNzCg=="
Response of the backend after sending a curl request to whoami.localhost
:
❯ curl whoami.localhost
Hostname: 6802990b3586
IP: 127.0.0.1
IP: 172.19.0.2
RemoteAddr: 172.19.0.3:56940
GET / HTTP/1.1
Host: whoami.localhost
User-Agent: curl/7.64.1
Accept: */*
Accept-Encoding: gzip
Authorization: Basic dXNlcjpwYXNzCg==
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 5e48141afff1
X-Real-Ip: 172.19.0.1
As expected the whoami
backend has received the Authorization
header added by Traefik.
Hope this helps!
2 Likes