Authentication fails when using file provider

Hi guys,

For some reason, I'm unable to login when configuring basic auth through a file provider. All relevant files are below. Note that I am able to login when the auth credentials are instead placed in my docker-compose.yml file as a label. In my case below, the password is password for convenience/testing. Anyone have any ideas why auth fails, but only when using a file provider?

docker-compose.yml

version: '3.2'

services:
  reverse-proxy:
    # The official v2.0 Traefik docker image
    image: traefik:v2.0
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/docker/reverse-proxy/traefik.yml:/etc/traefik/traefik.yml:ro
      - /var/docker/reverse-proxy/shared-config.yml:/etc/traefik/shared-config.yml:ro
      - certs:/etc/traefik/acme
    labels:
      # traefik dashboard
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`monitor.domain.io`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=http"
      - "traefik.http.routers.api-secure.rule=Host(`monitor.domain.com`)"
      - "traefik.http.routers.api-secure.tls=true"
      - "traefik.http.routers.api-secure.entrypoints=https"
      - "traefik.http.routers.api-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api-secure.middlewares=admin@file"
      # - "traefik.http.middlewares.admin.basicauth.users=scott:$$2y$$05$$6IKz77vJmKUnitV0CugN2O7uIEbUATdkBDMYIIhBaR3q.5d1pRam2"
      # middleware https redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=http"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
    networks:
      - reverse-proxy

volumes:
  certs:

networks:
  reverse-proxy:
    external:
      name: reverse-proxy

traefik.yml

## traefik.yml

log:
  level: DEBUG

# Docker configuration backend
providers:
  docker:
    defaultRule: "Host(`{{ trimPrefix `/` .Name }}.domain.com`)"
    exposedByDefault: false
  file:
    filename: /etc/traefik/shared-config.yml
    # watch: true

# API and dashboard configuration
api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

certificatesResolvers:
  letsencrypt:
    acme:
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      email: scott@domain.com
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: http

shared-config.yml

http:
  middlewares:
    admin:
      basicAuth:
        users:
        - scott:$$2y$$05$$6IKz77vJmKUnitV0CugN2O7uIEbUATdkBDMYIIhBaR3q.5d1pRam2

Hello,

The $ need to be escaped by a $ only the a docker compose file.

https://docs.traefik.io/v2.0/middlewares/basicauth/#users

http:
  middlewares:
    admin:
      basicAuth:
        users:
        - scott:$2y$05$6IKz77vJmKUnitV0CugN2O7uIEbUATdkBDMYIIhBaR3q.5d1pRam2
1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.