Different handling for /dashboard and /metrics

I'm learning traefik so I'm probably missing something obvious here - but why doesn't below work like expected?

I want one basic auth setup for /dashboard and another for /metrics, plus limit the metrics endpoint by IP.

With this setup I can still reach the metrics endpoint from any internal IP, and no basic auth is required either.

---
http:
  routers:
    dashboard:
      rule: Host(`traefik.internal`) && PathPrefix(`/dashboard`)
      service: api@internal
      middlewares:
        - basicAuthDashboard

    metrics:
      rule: Host(`traefik.internal`) && PathPrefix(`/metrics`)
      service: api@internal
      middlewares:
        - prometheusScraperAllowedIPs
        - basicAuthMetrics

  middlewares:
    basicAuthDashboard:
      basicAuth:
        users:
          - "admin:derp"
    basicAuthMetrics:
      basicAuth:
        users:
          - "metrics:derp"

    prometheusScraperAllowedIPs:
      ipWhiteList:
        sourceRange:
          - "192.0.8.0/24"

According to doc you need to enable manualRouting and set the correct internal service prometheus@internal:

metrics:
  prometheus:
    manualRouting: true

Yes, that did the trick! Thank you very much!

Not sure how I missed that in the documentation.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.