darox
August 9, 2020, 2:50pm
1
I recently started to use Traefik and to play around. I'd like to add auth to the dashboard. My docker-compose.yaml is:
version: '3'
services:
reverse-proxy:
image: traefik:v2.2
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${PWD}/traefik.toml:/traefik.toml
whoami:
image: containous/whoami
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
And my traefik.toml:
[log]
level = "DEBUG"
[global]
checkNewVersion = true
sendAnonymousUsage = false
[providers.docker]
[api]
#insecure = true
dashboard = true
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[http.routers.my-api]
rule = "Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]
When I go to traefik.damn.li I get 404 Not found. Did I miss something in the docs or why can't I access the dashboard?
Thank you
zespri
August 9, 2020, 10:25pm
2
I suggest you verify first it's working without the auth. The when you are happy with that add the auth. It seems that your host rule would not match traefik.damn.li/
ldez
August 9, 2020, 11:15pm
3
in the v2, the dynamic configuration and the static configuration must be defined in separated files:
without files
docker-compose.yml:
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.2.7
command:
- --log.level=DEBUG
- --global.checkNewVersion
- --api
- --providers.docker
- --entrypoints.web.address=:80
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
traefik.enable: "true"
# Dashboard
traefik.http.routers.traefik.rule: Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
traefik.http.routers.traefik.entrypoints: websecure
traefik.http.routers.traefik.service: api@internal
traefik.http.routers.traefik.middlewares: auth
traefik.http.middlewares.auth.headers.basicAuth.users: dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
whoami:
image: containous/whoami
labels:
traefik.http.routers.whoami.rule: Host(`whoami.docker.localhost`)
with files
docker-compose.yml:
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.2.7
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${PWD}/traefik.toml:/traefik.toml
- ${PWD}/dyn/:/dyn/
whoami:
image: containous/whoami
labels:
traefik.http.routers.whoami.rule: Host(`whoami.docker.localhost`)
traefik.toml:
[log]
level = "DEBUG"
[global]
checkNewVersion = true
sendAnonymousUsage = false
[providers.docker]
[providers.file]
directory = "/dyn/"
watch = true
[api]
dashboard = true
[entryPoints]
[entryPoints.http]
address = ":80"
/dyn/config.toml
[http.routers.my-api]
rule = "Host(`traefik.damn.li`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"dario:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]
darox
August 10, 2020, 11:31am
4
Do you mean dynamic via labels in docker compose and static via traefik.toml?
ldez
August 10, 2020, 11:46am
5
I mean that:
you cannot use the same file for static and dynamic configuration
to use a file as a source of dynamic configuration, you have to enable the file provider
FYI, the dynamic configuration can be defined in different ways: file, labels, ...
Take a look to my previous examples.
Not sure if you figured this out or not... but I do suggest you do get it working w/o Auth and then you take that dive into middlewares etc.
Also, this block should be defined in your docker-compose as labels.