Do you want to request a feature or report a bug ?
Bug
What did you do?
I added the docker provider config labels for basic auth middleware and then I run the traefik service in swarm mode to access the dashboard in my browser at the exposed port 9191
What did you expect to see?
I expected to see the basic authentication form when my url ends with or without a trailing forward slash. Eg. Both domain.traefik.com:9191/dashboard and domain.traefik.com:9191/dashboard/ must request for user authentication.
What did you see instead?
When i access the url like this domain.traefik.com:9191/dashboard , it asks for authentication but when I access the url with a trailing slash at the end like this domain.traefik.com:9191/dashboard/ , it bypasses the authentication and goes to dashboard straight away.
Output of traefik version : ( What version of Traefik are you using? )
2.0
What is your environment & configuration (arguments, toml, provider, platform, ...)?
version: '3'
services:
reverse-proxy:
# The official v2.0 Traefik docker image
image: traefik:v2.0
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker --providers.docker.swarmMode=true
ports:
# The HTTP port
- "91:80"
# The Web UI (enabled by --api.insecure=true)
- "9191:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-stack
deploy:
labels:
- "traefik.http.services.reverse-proxy.loadbalancer.server.port=91"
- "traefik.docker.network=traefik-stack"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=secured"
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.middlewares.auth.basicauth.users=test:$apr1$bqEWT0Z2$yUFoM5U9X/FbaSmx5v6ib."
- "traefik.http.middlewares.replacepath.replacepath.path=/dashboard/" #without this line, error 404 occurs
- "traefik.http.middlewares.secured.chain.middlewares=auth,replacepath"
placement:
constraints:
- node.role == manager
networks:
traefik-stack:
external: true
Thank you very much for the support. Your code works like magic!! I had to change the colons(:) in the deploy labels to equal signs (=)
Also i am running Traefik behind a reverse proxy so i made some slight changes to suit my environment. I would share my config here in order to help anyone who falls into this problem in the future.
my working traefik config for secured dashboard and swarm mode behind nginx reverse proxy server:
version: '3'
services:
reverse-proxy:
# The official v2.1.3 Traefik docker image
image: traefik:v2.1.3
# Enables the secured web UI and tells Traefik to listen to docker
command:
- --api=true
- --providers.docker
- --providers.docker.swarmMode=true
ports:
# The traefik reverse proxy loadbalancer and dashboard are all handled by port 91. Access the dashboard using path domain.com:91/dashboard/
- "91:80"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-stack
deploy:
labels:
- "traefik.docker.network=traefik-stack"
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$bqEWT0Z2$$yUFoM5U9X/FbaSmx5v6ib."
- "traefik.http.services.reverse-proxy.loadbalancer.server.port=91"
placement:
constraints:
- node.role == manager
networks:
traefik-stack:
external: true
my working traefik config for non-secured dashboard and swarm mode behind nginx reverse proxy server:
version: '3'
services:
reverse-proxy:
# The official v2.1.3 Traefik docker image
image: traefik:v2.1.3
# Enables the non secured web UI and tells Traefik to listen to docker
command:
- --api.insecure=true
- --providers.docker
- --providers.docker.swarmMode=true
ports:
# The http port for the loadbalancer. When not running behing a reverse proxy, use 80:80
- "91:80"
# Exposing the non secured port 8080 to host port 9191. When host port 8080 is free, use 8080:8080
- "9191:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-stack
deploy:
labels:
- "traefik.docker.network=traefik-stack"
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
#- "traefik.http.routers.api.service=api@internal"
#- "traefik.http.routers.api.middlewares=auth"
#- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$bqEWT0Z2$$yUFoM5U9X/FbaSmx5v6ib."
# This line is mandatory when using swarm mode.
- "traefik.http.services.reverse-proxy.loadbalancer.server.port=91"
placement:
constraints:
- node.role == manager
networks:
traefik-stack:
external: true
I marked your reply as the solution. Could you please edit your config to such that the docker labels uses equal signs instead of colons? The colons ( broke the code but when i changed to equal signs(=), it worked.
broke the code but when i changed to equal signs(=), it worked.