Dashboard authentication with usersFile

I've got traefik running and want to use a userFile for authentication.

Without authentication it all works, but as soon as I add the usersFile label, I get the popup to enter my name and the password but that is it....

services:
  traefik:
    image: traefik:v3.6
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    environment:
      - CLOUDFLARE_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime
      - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./certs:/etc/traefik/certs
      - ./letsencrypt:/letsencrypt
      - ./config/users:/etc/traefik/users
    labels:
      - "traefik.enable=true"
      # Dashboard route
      - "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.eu`)"
      - "traefik.http.routers.dashboard.entrypoints=dashboard"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.tls.certresolver=cloudflare"
      - "traefik.http.routers.dashboard.service=api@internal"
#      # Basic authentication for dashboard
#      - "traefik.http.middlewares.dashboard-auth.basicauth.usersFile=/etc/traefik/users"
#      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"

My configuration:

# Global configuration
global:
  checkNewVersion: false
  sendAnonymousUsage: false

# Entry points - the ports Traefik listens on
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
    observability:
      accessLogs: false
      metrics: false
      tracing: false
  dashboard:
    address: ":8080"
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: cloudflare
        domains:
          - main: mydomain.eu
            sans:
              - "*.mydomain.eu"
api:
  dashboard: true   # Enable the web dashboard
  insecure: false    # Allow dashboard access without authentication (development only!)# Where Traefik finds service information

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"  # Docker socket
    exposedByDefault: false                  # Only expose services with traefik.enable=true
    network: traefik_proxy                   # Default network for services# Logging

log:
  level: DEBUG #INFO

certificatesResolvers:
  cloudflare:
    acme:
      storage: /etc/traefik/certs/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
        delayBeforeCheck: 60  

My userfile (./config/users):

test:$$2y$$05$$Fvx/6e4DniUe7b60gejbTuhPI1TJx0GOFdiJUX6mnl03D9zX7W6bu

So as soon as I uncomment the last 2 lines in the compose.yaml it goes wrong.

What am i doing wrong?

What’s your issue? What "goes wrong"?

Maybe enable Traefik debug log (doc) and check for auth related lines.

The only thing the logging shows is:
```
traefik | 2026-05-11T16:23:35+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:91 > Authentication failed middlewareName=dashboard-auth@docker middlewareType=BasicAuth
```

But that is not very helpfull.

This is the command that i used to create the user test:

echo $(htpasswd -nbB test test) | sed -e s/\\$/\\$\\$/g

Try without using sed, as Traefik is reading a plain file, and no pre-processor like compose is changing the content.

Thnxs! That was indeed the solution!