How best to add authentication to multiple docker services accessible from the same public hostname?

I am running multiple docker services (including Traefik 2) on the same machine.
The machine has a public hostname and is accessible via the internet on the HTTPS port (443).

The idea is to make those services accessible via the following URLs:

  • https://my_public_host_name/service1
  • https://my_public_host_name/service2
  • https://my_public_host_name/service3
    ...

How can I best secure those public services?

I was thinking about using Traefik's BasicAuth middleware for those services, but doesn't this clash if the docker service itself also has some authentication mechanism? In that case, some browsers will try to log on automatically to this docker service using Traefik's BasicAuth username/password, which won't work if that docker service has a different user name and password.

Hello,

To avoid a conflict between Traefik's BasicAuth and the application's authentication mechanism, you can use the removeHeader option.

https://docs.traefik.io/v2.1/middlewares/basicauth/#removeheader


Is it actually possible to define basic authentication and TLS only once for the path https://my_public_host_name/... and then define a routing rule based on PathPrefix for each service?

It is possible to define basic authentication middleware only once and add this middleware to multiple routers.

E.g. the definition of the middleware labels:

      - "traefik.http.middlewares.traefik_auth.basicauth.users=${BASIC_AUTH_USER_PASSWORD}"
      - "traefik.http.middlewares.traefik_auth.basicauth.removeheader=true"

E.g. if you want to use this middleware for a grafana_wan router in your docker compose file, you can add the following label:

      - "traefik.http.routers.grafana_wan.middlewares=traefik_auth"
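
The setup discussed in this thread, put together as an added example that is not part of the original posts: one BasicAuth middleware with removeheader, shared by two PathPrefix routers on the same hostname over TLS. The service names, the `traefik/whoami` image, the `websecure` entry point name and the compose layout are assumptions; `tls=true` serves Traefik's default certificate unless one is configured.

```yaml
# Added example (constructed); names, images and hostname are placeholders.
version: "3.7"

services:
  traefik:
    image: traefik:v2.1
    command:
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are read by the provider.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
    ports:
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      # Needed so the labels on this container are picked up at all.
      - "traefik.enable=true"
      # Middleware defined once. The variable holds user:hash in htpasswd format.
      - "traefik.http.middlewares.traefik_auth.basicauth.users=${BASIC_AUTH_USER_PASSWORD}"
      # Drop the Authorization header before forwarding, so the backend's own
      # login never receives Traefik's credentials.
      - "traefik.http.middlewares.traefik_auth.basicauth.removeheader=true"

  service1:
    image: traefik/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service1.rule=Host(`my_public_host_name`) && PathPrefix(`/service1`)"
      - "traefik.http.routers.service1.entrypoints=websecure"
      - "traefik.http.routers.service1.tls=true"
      # Attach the shared middleware to this router.
      - "traefik.http.routers.service1.middlewares=traefik_auth"

  service2:
    image: traefik/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service2.rule=Host(`my_public_host_name`) && PathPrefix(`/service2`)"
      - "traefik.http.routers.service2.entrypoints=websecure"
      - "traefik.http.routers.service2.tls=true"
      # Same middleware, no second definition. A router without this label
      # is reachable without authentication.
      - "traefik.http.routers.service2.middlewares=traefik_auth"
```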