GRPC auth middleware issue

mezeipetister · January 13, 2025, 12:52pm

Hi Guys,

I want to use traefik as a grpc proxy api. It should forward the grpc request to an authmiddleware. I made a demo a few days ago and it worked, but now in my project it does not work. My grpc call receives 500 error code. When i disable authmiddleware the grpc works. Could you help me what am I missing?

The relevant docker compose parts:

traefik:
    image: "traefik:v3.2"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80" # HTTP/1
      # - "--entryPoints.websecure.address=:443" # HTTPS
      # - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--providers.file.filename=/dynamic.yaml"
    ports:
      - "80:80"
      # - "443:443"
      - "8080:8080"

user_service:
    image: gardenzillaorg/user_service:latest
    container_name: user_service
    build:
      context: .
      dockerfile: Dockerfile
      args:
        - SERVICE_NAME=user_service
    restart: always
    env_file:
      - ENV.list
    networks:
      - gz_network
    depends_on:
      mongo:
        condition: service_started
      kafka:
        condition: service_healthy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.user_service.rule=Host(`api.user.localhost`)"
      - "traefik.grpc.services.user_service.loadbalancer.server.url=http://user_service"
      - "traefik.http.services.user_service.loadbalancer.server.port=40051"
      - "traefik.http.services.user_service.loadbalancer.server.scheme=h2c"
      - "traefik.http.middlewares.mooncar-grpc.grpcWeb.allowOrigins=*"
      - "traefik.http.routers.user_service.middlewares=authMiddleware@file"

dynamic.yaml

http:
  middlewares:
    authMiddleware:
      forwardAuth:
        address: "http://auth_service:3000/validate"
        trustForwardHeader: true
        authResponseHeaders:
          # - "X-User-Id"
          - "X-Token"
          # - "X-Roles"
          # - "X-Created-At"

Thank you in advance

bluepuma77 · January 14, 2025, 10:26am

Enable and check Traefik debug log (doc) and Traefik access log in JSON format (doc).

mezeipetister · January 15, 2025, 8:23am

Ok so basically my interceptor service tricked me and returned 500 to every request. Its a bit annoying, but your advice helped me to put my leg on the solution path anyway. Thank you.

And if you are doing managed state with Actix or Rocket watch the details, .manage(Arc<T>) is not equal with &State<T> ... just spent 2 days for this shitty bug. Thank you.

Topic		Replies	Views
Getting started with the GrpcWeb middleware Traefik v3 (latest) docker	5	2117	December 14, 2022
Traefik 2.0 middleware does not apply Traefik v2 docker	10	3742	October 10, 2019
Problem using a middleware cross providers Traefik v2 middleware	2	1837	September 27, 2019
Http --> https grpc with insecure error Traefik v2 tcp , middleware	1	1050	April 1, 2020
[SOLVED] Hitting a 500 Internal Server Error caused by unsupported protocol scheme \"\" with a file config Traefik v2 docker , file	7	15097	May 7, 2021

GRPC auth middleware issue

Related topics