hi, I am trying to setup auth using forward auth middleware. The auth server is running in same docker cluster. A request is able to hit the auth server url, but never resumes the flow from auth middleware in traefik.
The result it that original request, example /user gets redirected to /verify on auth server and it return 200/OK to original request. I was expecting the original request to resume the flow once auth server returns 200/OK.
Does the auth server need to handle redirection to original request or am I missing something in config here?
Here is my config:
traefik:
image: traefik:v2.1.2
command:
- --entryPoints.http.address=:80
- --entryPoints.https.address=:443
- --providers.docker.exposedByDefault=false
- --accesslog=true
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
- ./traefik/traefik.config.toml:/etc/traefik/traefik.config.toml
- ./certs:/etc/certs
labels:
- "traefik.http.routers.traefik.rule=Host(`${HOST}`) && (PathPrefix(`/services/traefik`) || PathPrefix(`/api`))"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.middlewares=strip, auth"
- "traefik.http.middlewares.strip.stripprefix.prefixes=/services/traefik"
- "traefik.http.middlewares.auth.basicauth.users=admin:admin"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.redirs.entrypoints=http"
- "traefik.http.routers.redirs.middlewares=redirect-to-https"
auth:
build: ./auth
ports:
- 8100
labels:
- "traefik.enable=true"
- "traefik.http.routers.auth.rule=Host(`${HOST`) && PathPrefix(`/microservice/auth`)"
- "traefik.http.routers.auth.entrypoints=https"
- "traefik.http.routers.auth.tls=true"
user:
build: ./user
ports:
- 8100
labels:
- "traefik.enable=true"
- "traefik.http.routers.user.rule=Host(`${HOST`) && PathPrefix(`/microservice/user`)"
- "traefik.http.routers.user.entrypoints=https"
- "traefik.http.routers.user.tls=true"
- "traefik.http.routers.user.middlewares=authme"
- "traefik.http.middlewares.authme.forwardauth.address=http://HOST/microservice/auth/verify"
- "traefik.http.middlewares.authme.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.authme.forwardauth.authResponseHeaders=X-Forward-Auth-User, X-Forward-Auth-User-Role"