basicAuth exists, but applied to a wrong host

austyuzhanin · July 20, 2023, 3:49pm

Hello, I'm trying to set up basic authorization for Photoprism, but it gets weird - I get two hosts in HTTP Routers, Host(photoprism.local) and Host(app-photoprism).
The middleware exists for the second one, and I need to log in manually on photoprism.local.

Here is the traefik piece of my docker-compose.yml

services:
  photoprism:
    image: photoprism/photoprism:latest
    networks:
      - internal
      - traefik_net
    labels:
      # traefik common
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_net"
      - "traefik.http.routers.photoprism.rule=Host(`photoprism.local`)"
      - "traefik.http.services.photoprism.loadbalancer.server.port=2342"
      - "traefik.http.routers.photprism.middlewares=user-auth@file"

I have the same problem with other services - I get two hosts for every app, service_name.local and service_name-service_name.

What do I miss here?

bluepuma77 · July 20, 2023, 7:11pm

You have the .local domain and assign the middleware, so it requires auth. What’s the problem?

Share your full Traefik static and dynamic config, and docker-compose.yml if used.

austyuzhanin · July 21, 2023, 2:34am

Traefik should perform the authorization, but it doesn't?

version: "3.7"


networks:
  default:
    name: traefik_net
    external: "true"


services:
  traefik:
    image: "traefik:v2.10.3"
    container_name: "traefik"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /docker/traefic/dynamic.yml:/dynamic.yml:ro

    command:
      # - --log.level=DEBUG
      - --api
      - --api.dashboard=true
      - --api.insecure=true
      - --providers.docker=true
      - --entrypoints.web.address=:80
      - --providers.file.filename=/dynamic.yml # Load dynamic configuration from a file
      - --providers.file.watch=true

    labels:
      traefik.enable: 'true'
      # put a domain only available in your local network
      traefik.http.routers.traefik.rule: Host(`traefik.local`)
      traefik.http.routers.traefik.entrypoints: web
      traefik.http.routers.traefik.service: api@internal
      traefik.docker.network: traefik_net
      ## Middlewares
      traefik.http.routers.traefik.middlewares: user-auth@file,yacht@file

http:
  middlewares:
    user-auth:
      basicAuth:
        users:
          - "admin:pass"

    yacht:
      basicAuth:
        users:
         - "admin:pass"

Topic		Replies	Views
Basic auth and file provider Traefik v2 (latest) file , middleware	3	732	April 23, 2021
Traefik v2 simple trick to bypass basic Auth Traefik v2 (latest) docker , middleware	5	9370	August 21, 2022
Reusing middlewares for basicauth Traefik v2 (latest) docker	0	526	March 16, 2021
BasicAuth Error Traefik v2 (latest) middleware	2	873	April 6, 2020
How best to add authentication to multiple docker services accessible from the same public hostname? Traefik v2 (latest) docker , middleware	3	707	February 6, 2020

basicAuth exists, but applied to a wrong host

Related Topics