Migration Help - global Basic Auth with Dashboard

gdomod · April 15, 2020, 8:26am

Hi there, im poweruser of traefik 1.7 but letsencrypt runs out of support. ok time for new things.

In old settings i have basicauth for all my services and only https, can anybody help me to migrate my old settings.

[api]
  entryPoint = "admin"
  dashboard = true
  address = ":8080"
  debug = true


[entryPoints] 
  [entryPoints.admin]
    address = ":8080"

  [entryPoints.https]
    address = ":12345"
    [entryPoints.https.auth]
     [entryPoints.https.auth.basic]
      removeHeader = true
      users = [
       "user:hash"
      ]
    [entryPoints.https.tls]


RULES:
[backends]
  [backends.admin]
   [backends.admin.servers]
    [backends.admin.servers.server0]
    url = "http://127.0.0.1:8000"

[frontends]
  [frontends.admin]
   entrypoints = ["https"]
   backend = "admin"
   passHostHeader = true
   #passTLSCert = true

   [frontends.admin.routes]
    [frontends.admin.routes.route0]
     rule = "PathPrefixStrip:/admin"

gdomod · April 15, 2020, 8:59am

I try settings inside composer without tomls
i just have problems to enable basicauth to all my services inclusive /admin or /dashboard

maybe i need to edit with command --entrypoints.websecure.http.middlewares.basicauth.users ? but i didnt found documentation

version: "3.6"
networks:
  default:
    driver: bridge
  internal:
    internal: true
    external:
      name: internal
services:
  traefik:
    hostname: traefik
    image: traefik:latest
    container_name: traefik
    restart: always
    domainname: example.com
    networks:
      - default
      - internal
    ports:
      - "12345:12345"
    command:
      "--providers.docker=true"
      "--defaultentrypoints=websecure"
      
      "--entryPoints=Name:websecure Address::12345 TLS"
      "--providers.docker.exposedByDefault=false"

      "--entryPoints.websecure.address=:12345"

      ## GLOBAL AUTH ?     
      "--entryPoints.websecure.basicauth.removeHeader=true"
      "--entryPoints.websecure.basicauth.users=user:hash"

      "--api.dashboard=true"
      
      
      #####ACME   
      "--certificatesResolvers.myresolver.acme.email=user@mail.de"
      "--certificatesResolvers.myresolver.acme.storage=acme.json"
      "--certificatesResolvers.myresolver.acme.dnsChallenge.provider=netcup"
      "--certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=900"
      "--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=8.8.8.8:53, 8.8.4.4:53,46.38.225.230:53"


    environment:
      - NETCUP_CUSTOMER_NUMBER=
      - NETCUP_API_PASSWORD=
      - NETCUP_API_KEY=
    labels:
      - "traefik.enable=true"

      ## GLOBAL AUTH ?
      #- "traefik.http.routers.admin.rule=Host(`example.com`) && PathPrefix(`/admin`)"
      #- "traefik.http.routers.admin.middlewares=admin-stripprefix"
      #- "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"


      ####DASHBOARD
      - "traefik.http.routers.api.rule=PathPrefix('/admin')"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=user:hash"


    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/config/traefik/data:/etc/traefik
      - /root/config/traefik/shared:/shared

ldez · April 15, 2020, 10:09am

Hello,

something like that:

version: '3.7'

services:
  traefik:
    image: traefik:v2.2.0
    command:
      - --log.level=DEBUG
      - --api
      
      - --providers.docker.exposedbydefault=false
      
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=leresolver
      - --entrypoints.websecure.http.middlewares=auth@docker

      - --certificatesresolvers.leresolver.acme.email=your@email.com
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt/:/letsencrypt
    labels:
      traefik.enable: true

      # Dashboard
      traefik.http.routers.traefik.rule: Host(`traefik.localhost`)
      traefik.http.routers.traefik.entrypoints: websecure
      traefik.http.routers.traefik.service: api@internal
      

      traefik.http.middlewares.auth.basicauth.users: user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/ # user/password

  whoami:
    image: containous/whoami:v1.5.0
    labels:
      traefik.enable: true

      traefik.http.routers.app.rule: Host(`whoami.localhost`)
      traefik.http.routers.app.entrypoints: websecure

Topic		Replies	Views
Traefik BasicAuth Dashboard Traefik v2 docker , middleware	4	3206	June 1, 2020
Dashboard basic_auth & stripprefix middlewares doesn't work together Traefik v2 docker , dashboard-api , middleware	2	1017	February 6, 2022
Impossible to get basic auth for dashboard Traefik v2 dashboard-api	2	6323	March 24, 2020
basicAuth defined on traefik.yml not working Traefik v2 docker , middleware	12	2864	April 27, 2023
Minimal example for traefik with dashboard and basic auth Traefik v2 docker , dashboard-api	21	28420	April 12, 2025

Migration Help - global Basic Auth with Dashboard

Related topics