Add proxy_set_header Authorization in Traefik

Hi,

in Ningx i use proxy_set_header Authorization "Basic hash...";
for automatically connect to a service and I would like to know how to do it with Traefik because I cannot find it and I find that the documentation is not very clear on this subject.

Thanks

Checkout the headers middlewares.

https://doc.traefik.io/traefik/middlewares/http/headers/#adding-and-removing-headers

I have already try with that : traefik.http.middlewares.testHeader.headers.customrequestheaders.authorization=NhZGdsfDFSGSDF"

but doesn't work :frowning:

Take a look at this plugin:GitHub - adyanth/header-transform: Traefik plugin on header transformations

It's kind of unclear how to use the plugin however if you take a look at these two sources it might help:

and here is an example from another project that uses this plugin to change some things:

and

Hopefully those links will get you started. You can write/set/change headers.

Thanks for the plugin but the documentation ... so impossible to make it work

Hello @JamesAdams and thanks for your interest in Traefik!

@cakiwi is right using the Headers middleware should work. Maybe this is not working because you missed adding the authorization scheme to the header (see Authorization - HTTP | MDN).

The middleware configuration should look like the following:

"traefik.http.middlewares.testHeader.headers.customrequestheaders.authorization=Basic NhZGdsfDFSGSDF"

Here is a working docker-compose example. Traefik adds the Authorization header to the request forwarded to the whoami backend (which only echo the received HTTP headers).

version: "3.9"
services:
  traefik:
    image: traefik:v2.5
    command:
      - --api.insecure
      - --log.level=debug
      - --providers.docker.exposedByDefault=false

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

    ports:
      - "8080:8080"
      - "80:80"

  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entrypoints=http
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami.middlewares=add-auth-header
      - "traefik.http.middlewares.add-auth-header.headers.customrequestheaders.authorization=Basic dXNlcjpwYXNzCg=="

Response of the backend after sending a curl request to whoami.localhost:

❯ curl whoami.localhost

Hostname: 6802990b3586
IP: 127.0.0.1
IP: 172.19.0.2
RemoteAddr: 172.19.0.3:56940
GET / HTTP/1.1
Host: whoami.localhost
User-Agent: curl/7.64.1
Accept: */*
Accept-Encoding: gzip
Authorization: Basic dXNlcjpwYXNzCg==
X-Forwarded-For: 172.19.0.1
X-Forwarded-Host: whoami.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 5e48141afff1
X-Real-Ip: 172.19.0.1

As expected the whoami backend has received the Authorization header added by Traefik.

Hope this helps!

2 Likes