Client_auth conditional on PathPrefix

Fred · March 28, 2022, 2:46pm

This should be a common use-case:

I'd like to authenticate a client cert, but only when the url contains a specific PathPrefix. The app behind traefik is a web-site, which also handles rpc-calls on https://some.domain.com/rpc

Client certs are only passed for rpc calls, for which they are mandatory.

In apache this is simply:

<LocationMatch "^/rpc">
      SSLVerifyClient require
 </LocationMatch>

I've attempted to achieve this by creating two routers with different TLS options:

      - "traefik.http.routers.whoami.rule=Host(`some.domain.com`)"
      - "traefik.http.routers.whoami.entryPoints=https"
      - "traefik.http.routers.whoami.tls=true"

      - "traefik.http.routers.whoami-rpc.rule=Host(`some.domain.com`) && PathPrefix(`/rpc`)"
      - "traefik.http.routers.whoami-rpc.middlewares=passtlsclientcert@file"
      - "traefik.http.routers.whoami-rpc.entryPoints=https"
      - "traefik.http.routers.whoami-rpc.tls=true"
      - "traefik.http.routers.whoami-rpc.tls.options=rpc-options@file"

However this results in Errors: found different TLS options for routers on the same host some.domain.com, so using the default TLS options instead

How should this be handled?

Topic		Replies	Views
Client certificate authentification on path's Traefik v2 docker , middleware	4	337	June 24, 2022
Very simple test case with PathPrefix does not work with SSL Traefik v2 docker	1	395	May 4, 2023
Multiple mtls options based on path rules Traefik v2 file	3	1493	July 29, 2024
Many "found different TLS options for routers on the same host" errors Traefik v2 docker	3	1188	July 29, 2024
Exclude particular path from basicauth doesn't work Traefik v2 middleware	2	278	January 27, 2024

Client_auth conditional on PathPrefix

Related topics