Hey there,
I'm facing some problems getting basic auth working. While I have it working for one of my services the other fails when it's setup. here's my stripped down docker compose file.
version: '3'
networks:
proxynet:
driver: bridge
webgateway:
external: true
services:
firstservice:
...
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxynet'
- 'traefik.port=4000'
- 'traefik.backend=firstservice'
- 'traefik.backend.loadbalancer.method=drr'
- 'traefik.domain=${FQDN_TM}'
- 'traefik.frontend.rule=Method:GET,POST;Host:${FQDN_TM}'
#- 'traefik.frontend.auth.basic.usersFile=/auth/.htpasswd'
#- 'traefik.frontend.rule=Method:PUT;Host:${FQDN_TM}'
...
networks:
- proxynet
ports:
- 5432
otherservice:
...
ports:
- 3000
labels:
- 'traefik.enable=true'
- 'traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxynet'
- 'traefik.port=3000'
- 'traefik.backend=otherservice'
- 'traefik.backend.loadbalancer.method=drr'
- 'traefik.frontend.rule=Host:${FQDN_OTHERSERVICE}'
- 'traefik.domain=${FQDN_OTHERSERVICE}'
proxy:
image: traefik
restart: always
command:
- '--loglevel=DEBUG'
# - '--api'
# - "--entrypoints=Name:http Address::80"
- '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
- '--entrypoints=Name:https Address::443 TLS'
- '--defaultentrypoints=http,https'
- '--acme'
- '--acme.storage=/etc/acme/acme.json'
- '--acme.entryPoint=https'
- '--acme.onHostRule=true'
- '--acme.httpChallenge'
- '--acme.httpChallenge.entryPoint=http'
- '--acme.email=${LETSENCRYPT_EMAIL}'
## remove the comment for the following line to only send certificate requests to the sandbox service (for testing)
#- "--acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # uncomment this line if you want to test the lets encrypt certificate generation
- '--docker'
- '--docker.exposedByDefault=false'
- '--docker.endpoint=unix:///var/run/docker.sock'
- '--docker.watch'
ports:
- 80:80
- 443:443
volumes:
- ./.htpasswd:/auth/.htpasswd
- ./acme/:/etc/acme/
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxynet
- webgateway
volumes:
...
everything works this way. As soon as i put these two commented lines live
#- 'traefik.frontend.auth.basic.usersFile=/auth/.htpasswd'
#- 'traefik.frontendapi.rule=Method:PUT;Host:${FQDN_TM}'
The auth I need works, also the PUT method comes through without auth which is what I want but the OTHERSERVICE totally breaks. The Hostname set via the FQDN_OTHERSERVICE env variable suddenly routes to FIRSTSERVICE.
I'm sure I'm just not completely getting how frontend rules play on several hosts and containers but I'm curious why it works. Also I'm not sure about the traefik.frontendapi.rule... syntax. I found this by trial and error as I found I need something different to throught with PUT requests without auth.
Any help on this is appreciated and I hope I was able to explain it clearly (not a native englishman obviously)
Thanks,
Frank