Exclude particular path from basicauth doesn't work

caprio · January 26, 2024, 10:57pm

I would like to remove basic authenticaiton for a particular PathPrefix. I would like to protect all but one particular path should be without auth pass. My configuration which it doesn't properly.

  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:${HOST}"
  - "traefik.docker.network=traefik"
  - "traefik.http.routers.apache-${PROJECT_NAME}.entrypoints=web"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.entrypoints=websecure"
  - "traefik.http.routers.apache-${PROJECT_NAME}.tls=false"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.tls=true"
  - "traefik.http.routers.apache-${PROJECT_NAME}.rule=Host(`${HOST}`)"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.rule=Host(`${HOST}`)"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.tls.certresolver=letsencrypt"
  - "traefik.http.routers.apache-${PROJECT_NAME}.middlewares=${T2_WEB_MIDDLEWARES}"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.middlewares=${T2_WEBSECURE_MIDDLEWARES}"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.priority=100"
  - "traefik.http.middlewares.${PROJECT_NAME}-authpass.basicauth.users=${T2_AUTH_WEB}"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.rule=(Host(`${HOST}`) && PathPrefix(`/methoden`))"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.entrypoints=websecure"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.tls=true"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.priority=101"

bluepuma77 · January 27, 2024, 9:44am

I think this is Traefik v1

  - "traefik.frontend.rule=Host:${HOST}"

Grouping by router makes it easier to understand

  - "traefik.http.routers.apache-${PROJECT_NAME}.entrypoints=web"
  - "traefik.http.routers.apache-${PROJECT_NAME}.tls=false"
  - "traefik.http.routers.apache-${PROJECT_NAME}.rule=Host(`${HOST}`)"
  - "traefik.http.routers.apache-${PROJECT_NAME}.middlewares=${T2_WEB_MIDDLEWARES}"

  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.entrypoints=websecure"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.tls=true"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.rule=Host(`${HOST}`)"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.tls.certresolver=letsencrypt"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.middlewares=${T2_WEBSECURE_MIDDLEWARES}"
  - "traefik.http.routers.apache-${PROJECT_NAME}-websecure.priority=100"

  - "traefik.http.routers.apache-${PROJECT_NAME}-api.rule=(Host(`${HOST}`) && PathPrefix(`/methoden`))"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.entrypoints=websecure"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.tls=true"
  - "traefik.http.routers.apache-${PROJECT_NAME}-api.priority=101"

  - "traefik.http.middlewares.${PROJECT_NAME}-authpass.basicauth.users=${T2_AUTH_WEB}"

By itself the api router should have a higher priority because the rule is longer (has more characters).

You are using different TLS setups on websecure and api, is that on purpose?

I usually recommend to do http-to-https redirect and TLS assignment globally on entrypoint, that avoids repetition. See simple Traefik example.

caprio · January 27, 2024, 9:31pm

A higher priority didn\t solve the issue. I have already tested with it before.

Topic		Replies	Views
Exclude particular path(s) from basicauth Traefik v2 middleware	1	3501	June 24, 2020
Basic auth for /administrator path Traefik v2 middleware	1	541	December 1, 2022
Exclude basic aut from path Traefik v2 docker	0	229	October 24, 2022
Selectively disable BasicAuth Middleware Traefik v2 middleware	1	1269	March 12, 2020
Add basicAuth middleware to path with regex Traefik v2 middleware	0	257	May 18, 2022

Exclude particular path from basicauth doesn't work

Related Topics