Having traefik serving internal and external services (public / private)?


Can anyone help ?

I currently have traefik in a docker container listening on port 80 and 443 for both HTTP and https entrypoints. (also exposing those ports)

Currently, this means traffic from outside my network can (the public internet) can access a service and traffic from inside my local network can access a service.

I was wondering what the best way of applying for example "basic authentication" to external traffic and not for internal traffic on a particular frontend.

I am a little confused but currently both internally (via my internal dns) and externally forward port 80 and port 443 to the docker container so that docker can route everything.

I don't see a way I can distinguish between the difference between an internal request and an external request.

The only thing I could think of is instead of my external router (public IP) forward port 80 to 80 and 443 to 443 then i would forward 80 to 89 and 443 to 449 - for example.

This means I could technically get traefik to listen on ports 80,89,443 and 449 as different entrypoints and then assign different middleware for different entrypoints.

These seems a little messy, maybe I am completely missing the point.

Anyway to do this ?

Basically allow both internal and external traffic to access services - but having the ability to apply middleware to the internal / external traffic - for example, the basic auth middleware.

Any ideas what the best way of doing this would be ?

Thanks in advance.

1 Like