Dashboard Auth not working

I recently started to use Traefik and to play around. I'd like to add auth to the dashboard. My docker-compose.yaml is:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.2
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock 
      - ${PWD}/traefik.toml:/traefik.toml  
  whoami:
    image: containous/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"

And my traefik.toml:

[log]
  level = "DEBUG"

[global]
  checkNewVersion = true
  sendAnonymousUsage = false


[providers.docker]

[api]
  #insecure = true
  dashboard = true
  debug = true

[entryPoints]
  [entryPoints.http]
  address = ":80"


[http.routers.my-api]
  rule = "Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
  service = "api@internal"
  middlewares = ["auth"]

[http.middlewares.auth.basicAuth]
  users = [
  "dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]

When I go to traefik.damn.li I get 404 Not found. Did I miss something in the docs or why can't I access the dashboard?

Thank you

I suggest you verify first it's working without the auth. The when you are happy with that add the auth. It seems that your host rule would not match traefik.damn.li/

in the v2, the dynamic configuration and the static configuration must be defined in separated files:


without files

docker-compose.yml:

version: '3.7'

services:

  reverse-proxy:
    image: traefik:v2.2.7
    command:
      - --log.level=DEBUG
      - --global.checkNewVersion
      - --api
      - --providers.docker
      - --entrypoints.web.address=:80
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      traefik.enable: "true"

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.service: api@internal
      traefik.http.routers.traefik.middlewares: auth
      
      traefik.http.middlewares.auth.headers.basicAuth.users: dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/

  whoami:
    image: containous/whoami
    labels:
      traefik.http.routers.whoami.rule: Host(`whoami.docker.localhost`)
with files

docker-compose.yml:

version: '3.7'

services:

  reverse-proxy:
    image: traefik:v2.2.7
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${PWD}/traefik.toml:/traefik.toml
      - ${PWD}/dyn/:/dyn/

  whoami:
    image: containous/whoami
    labels:
      traefik.http.routers.whoami.rule: Host(`whoami.docker.localhost`)

traefik.toml:

[log]
  level = "DEBUG"

[global]
  checkNewVersion = true
  sendAnonymousUsage = false

[providers.docker]

[providers.file]
    directory = "/dyn/"
    watch = true

[api]
  dashboard = true

[entryPoints]
  [entryPoints.http]
  address = ":80"

/dyn/config.toml

[http.routers.my-api]
  rule = "Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
  service = "api@internal"
  middlewares = ["auth"]

[http.middlewares.auth.basicAuth]
  users = [
  "dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]

Do you mean dynamic via labels in docker compose and static via traefik.toml?

I mean that:

  • you cannot use the same file for static and dynamic configuration
  • to use a file as a source of dynamic configuration, you have to enable the file provider

FYI, the dynamic configuration can be defined in different ways: file, labels, ...

Take a look to my previous examples.

Not sure if you figured this out or not... but I do suggest you do get it working w/o Auth and then you take that dive into middlewares etc.

Also, this block should be defined in your docker-compose as labels.