Dashboard basic_auth & stripprefix middlewares doesn't work together

Zahyl · February 6, 2022, 4:04pm

Hi,

I'm trying to setup traefik for the firts time.

I want to access the dashboard via https://domain.tld/dashboard and not https://dashboard.domain.tld and also use basicauth.

I saw this post where it's seem to work but it isn't for me.

My docker-compose file :

version: "3.3"

secrets:
  ...

services:
  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    secrets:
     ...
    command:
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--api.insecure=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Configure entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Global HTTP -> HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      # SSL configuration
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencrypt.acme.email=$OVH_EMAIL"
      - "--certificatesresolvers.letsencrypt.acme.storage=acme.json"
    ports:
      - "80:80"
      - "443:443"
    environment:
      ... get secrets ...
    volumes:
      - "$DOCKERDIR/shared:/shared"
      - "$DOCKERDIR/traefik2/acme/acme.json:/acme.json"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # SSL config
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      # Dashboard + API
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.rule=Host(`domain.tld`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"

      # middlewares declaration
      - "traefik.http.middlewares.my-dashboard-strip.stripprefix.prefixes=/dashboard"
      - "traefik.http.middlewares.my-basic-auth.basicauth.usersfile=/share/.htpasswd"

      # middlewares chain declaration
      - "traefik.http.middlewares.grp_middleware_for_dashboard.chain.middlewares=my-basic-auth,my-dashboard-strip"
 
      # Test with stripprefix only:
      - "traefik.http.routers.traefik.middlewares=my-dashboard-strip"  # => working well without basicauth
      
      # Test one of these middlewares without success: 
      - "traefik.http.routers.traefik.middlewares=my-dashboard-strip,my-basic-auth" # => not working, /dashboard is routed to whoami service
      - "traefik.http.routers.traefik.middlewares=grp_middleware_for_dashboard" # => not working, /dashboard is routed to whoami service


  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.tls=true"
      - "traefik.http.routers.whoami.rule=Host(`domain.tld`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"

The debug log level give me this when i request https://domain.tld/dashboard/ with stripprefixe + basicauth middlewares (vs nothings if stripprefixe only):

traefik | time=time level=debug msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" 
Request="{\"Method\":\"GET\",
\"URL\":
{\"Scheme\":\"\",
\"Opaque\":\"\",
\"User\":null,
\"Host\":\"\",
\"Path\":\"/dashboard/\",
\"RawPath\":\"\",
\"ForceQuery\":false,
\"RawQuery\":\"\",
\"Fragment\":\"\",
\"RawFragment\":\"\"},
\"Proto\":\"HTTP/2.0\",
\"ProtoMajor\":2,
\"ProtoMinor\":0,
\"Header\":{\"Accept\":[\"text/html,
application/xhtml+xml,
application/xml;q=0.9,
image/avif,
image/webp,
*/*;q=0.8\"],
\"Accept-Encoding\":[\"gzip,
 deflate,
 br\"],
\"Accept-Language\":[\"fr,
fr-FR;q=0.8,
en-US;q=0.5,
en;q=0.3\"],
\"Cache-Control\":[\"max-age=0\"],
\"Sec-Fetch-Dest\":[\"document\"],
\"Sec-Fetch-Mode\":[\"navigate\"],
\"Sec-Fetch-Site\":[\"none\"],
\"Sec-Fetch-User\":[\"?1\"],
\"Te\":[\"trailers\"],
\"Upgrade-Insecure-Requests\":[\"1\"],
\"User-Agent\":[\"$USER-AGENT"],
\"X-Forwarded-Host\":[\"$domain.tld\"],
\"X-Forwarded-Port\":[\"443\"],
\"X-Forwarded-Proto\":[\"https\"],
\"X-Forwarded-Server\":[\"68d9647fac43\"],
\"X-Real-Ip\":[\"$IP\"]},
\"ContentLength\":0,
\"TransferEncoding\":null,
\"Host\":\"$domain.tld\",
\"Form\":null,
\"PostForm\":null,
\"MultipartForm\":null,
\"Trailer\":null,
\"RemoteAddr\":\"$IP:$PORT\",
\"RequestURI\":\"/dashboard/\",
\"TLS\":null}"

Did i miss something obvious ?

Thanks!

Zahyl · February 6, 2022, 6:26pm

Never mind.

I did change my-basic-auth to use:

- "traefik.http.middlewares.my-basic-auth.basicauth.users=admin:$strong$passwordhtpasswd"

And it's working.

system · February 9, 2022, 6:26pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik BasicAuth Dashboard Traefik v2 (latest) docker , middleware	4	2191	June 1, 2020
Traefik doesn't seem to work with api@internal service Traefik v2 (latest) docker-swarm , dashboard-api , middleware	7	8217	December 9, 2023
Dashboard StripPrefix Traefik v2 (latest) docker , dashboard-api	3	2858	November 19, 2019
Impossible to get basic auth for dashboard Traefik v2 (latest) dashboard-api	2	6062	March 24, 2020
Dashboard 404 with Traefik v2.4.2 (Docker) Traefik v2 (latest) docker	2	3107	February 3, 2021

Dashboard basic_auth & stripprefix middlewares doesn't work together

Related Topics