Routing mysite.com --> 3 Auth users --> 3 containers

Good evening,

I am French, and my apologies for my English.
I would like to know if, as with HAProxy, it would be possible to route the same URL to 3 containers depending on the user:

mysite.com -->user1 (auth) ---> container1
mysite.com -->user2 (auth) ---> container2
mysite.com -->user3 (auth) ---> container3

With HAProxy I use this:

.../...
userlist user1
user user1 password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
userlist user2
user user2 password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
userlist user3
user user. password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
frontend http-in
.../...
frontend https-in
.../...
    acl auth hdr_beg(host) rutorrent.
    acl is_user1 http_auth(user1)
    acl is_user2 http_auth(user2)
    acl is_user3 http_auth(user3)
    http-request auth realm auth if auth !is_user1 !is_user2 !is_user3
.../...
    use_backend rutorrent1 if is_user1
    use_backend rutorrent2 if is_user2
    use_backend rutorrent3 if is_user3
.../...

It works, but if it were possible with Traefik, I would find it more friendly. I have done several tests, but without success in terms of authentication for some users. The authentication of user1 is refused, but passes with that of user2?
My yml:

http:
  services:
    container1:
      loadBalancer:
        servers:
          - url: "http://container1:80"
    container2:
      loadBalancer:
        servers:
          - url: "http://container2:80"
    container3:
      loadBalancer:
        servers:
          - url: "http://container3:80"
  routers:
    container1:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "web"
      middlewares:
        - "redirect-to-https@file"
      service: "noop@internal"
    container1-secure:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "websecure"
      middlewares:
        - "user1-auth@file"
        - "hsts@file"
        - "security@file"
        - "compression@file"
      service: "container1-traefik@docker"
      tls:
        certResolver: cloudflare
        options: mintls12

    container2:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "web"
      middlewares:
        - "redirect-to-https@file"
      service: "noop@internal"
    container2-secure:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "websecure"
      middlewares:
        - "user2-auth@file"
        - "hsts@file"
        - "security@file"
        - "compression@file"
      service: "container2-traefik@docker"
      tls:
        certResolver: cloudflare
        options: mintls12

    container3:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "web"
      middlewares:
        - "redirect-to-https@file"
      service: "noop@internal"
    container3-secure:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints:
        - "websecure"
      middlewares:
        - "user3-auth@file"
        - "hsts@file"
        - "security@file"
        - "compression@file"
      service: "container3-traefik@docker"
      tls:
        certResolver: cloudflare
        options: mintls12

Thank you in advance.

Hello @jeanluc

There is no such feature in Traefik to create routing based on the name of the authenticated user. The main issue is that Traefik doesn't have a direct mechanism to deal with pre-routing.

However, there is an alternative solution, which is to create a loopback trick according to the following example:

req -> traefik -> match router rule -> auth middleware (injects headers) -> send to traefik again
req -> traefik -> match router rule with header -> backend

I will try to prepare the working example for that use case.

Thank you,

Jakub
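
The loopback approach described above, written out as a Traefik dynamic configuration. This is an added example, not Jakub's promised example and not Traefik project code. It assumes Traefik v2 rule syntax; the entry point name `loopback`, its address `127.0.0.1:8081`, the header name `X-Auth-User`, the htpasswd path and the router and middleware names are all assumptions chosen for the illustration.

```yaml
# Dynamic configuration (file provider).
# Assumed static configuration: an extra entry point named "loopback",
# bound to 127.0.0.1 so that only Traefik itself can reach it:
#   entryPoints:
#     loopback:
#       address: "127.0.0.1:8081"
http:
  middlewares:
    all-users-auth:
      basicAuth:
        usersFile: "/etc/traefik/users.htpasswd"  # assumed path; holds user1..user3
        headerField: "X-Auth-User"   # Traefik stores the authenticated user name here
        removeHeader: true           # drop the Authorization header before forwarding
  services:
    traefik-loopback:
      loadBalancer:
        servers: [{url: "http://127.0.0.1:8081"}]
    container1:
      loadBalancer:
        servers: [{url: "http://container1:80"}]
    container2:
      loadBalancer:
        servers: [{url: "http://container2:80"}]
    container3:
      loadBalancer:
        servers: [{url: "http://container3:80"}]
  routers:
    # Pass 1: authenticate any of the three users, then send the request back into Traefik.
    mysite-auth:
      rule: "Host(`mysite.exemple.com`)"
      entryPoints: ["websecure"]
      middlewares: ["all-users-auth"]
      service: "traefik-loopback"
      tls:
        certResolver: cloudflare
    # Pass 2: choose the backend from the header injected in pass 1.
    mysite-user1:
      rule: "Host(`mysite.exemple.com`) && Headers(`X-Auth-User`, `user1`)"
      entryPoints: ["loopback"]
      service: "container1"
    mysite-user2:
      rule: "Host(`mysite.exemple.com`) && Headers(`X-Auth-User`, `user2`)"
      entryPoints: ["loopback"]
      service: "container2"
    mysite-user3:
      rule: "Host(`mysite.exemple.com`) && Headers(`X-Auth-User`, `user3`)"
      entryPoints: ["loopback"]
      service: "container3"
```

The pass-2 routers trust `X-Auth-User` without any further check, so the `loopback` entry point has to stay bound to 127.0.0.1 and must not be published from the container. In Traefik v3 the matcher is written `Header` instead of `Headers`.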


Good evening,

This is what I sensed, thank you for your answer, and I await your example.