Secure Traefik using basic auth

Hello.
I use the traefik binary on a fedora 34 and I tried to add a basicAuth middleware on the traefik endpoint to secure it. (without creation of an additionnal api entrypoint on 8080 because I have issue the this port is used). But it provide bugs on the dashboard (Dashboard home links to explore http services ; http middlewares not work ; On routers page, links to display services and middle ware not display the same number of services/middlewares on it and not work too). Missing services are dashboard_stripprefix@internal and dashboard_redirect@internal but probably works because the redirection from / to dashboard work...

My configuration is:
/etc/traefik/traefik.toml:

################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
#
################################################################

################################################################
# Global configuration
################################################################
[global]
  checkNewVersion = false
  sendAnonymousUsage = false

################################################################
# Entrypoints configuration
################################################################

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

################################################################
# Traefik logs configuration
################################################################

# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]

  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  #level = "DEBUG"
  level = "DEBUG"

  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "log/traefik.log"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# Access logs configuration
################################################################

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]
[accessLog]

  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "/path/to/log/log.txt"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# API and dashboard configuration
################################################################

# Enable API and dashboard
[api]

  # Enable the API in insecure mode
  #
  # Optional
  # Default: false
  #
  # insecure = true
  insecure = false

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  # dashboard = false
  dashboard = true

################################################################
# Ping configuration
################################################################

# Enable ping
[ping]

  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  # entryPoint = "traefik"

################################################################
# Docker configuration backend
################################################################

# Enable Docker configuration backend
[providers.docker]

  # Docker server endpoint. Can be a tcp or a unix socket endpoint.
  #
  # Required
  # Default: "unix:///var/run/docker.sock"
  #
  # endpoint = "tcp://10.10.10.10:2375"
  endpoint = "unix:///var/run/docker.sock"

  # Default host rule.
  #
  # Optional
  # Default: "Host(`{{ normalize .Name }}`)"
  #
  # defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"

  # Expose containers by default in traefik
  #
  # Optional
  # Default: true
  #
  # exposedByDefault = false


################################################################
# Use file providersfor traefik internal dynamic configuration to add basic auth
################################################################
[providers.file]
  directory = "/etc/traefik/conf"
  watch = true

and /etc/traefik/conf/dynamic.toml:

################################################################
# Dashboard secure
################################################################
[http]
  [http.routers]
    # create router for api            
    [http.routers.api_router]
      entryPoints = ["traefik"]
      service = "api@internal"
#      rule = "(Host(`traefik.localhost`) && PathPrefix(`/api`) || Host(`localhost`) && PathPrefix(`/api`))"
      rule = "PathPrefix(`/api`)"
      middlewares = ["authbasic"]
    # create router for dashboard
    [http.routers.dashboard_router]
      entryPoints = ["traefik"]
      service = "dashboard@internal"
#      rule = "(Host(`traefik.localhost`) && PathPrefix(`/dashboard`) || Host(`localhost`) && PathPrefix(`/dashboard`))"
      rule = "PathPrefix(`/`)"
      middlewares = ["authbasic"]

  [http.middlewares]
    # create middleware to enable basic authentication (htpasswd -nB admin) #passwd=admin
    [http.middlewares.authbasic.basicAuth]
      users=[
      "admin:$2y$05$ZsOMMPU./eBsV2m2rQBdDuv4RGhGbVZqmK7P/V25bJufeUfotH2B6"
      ]

If you have an idea about how to add this basic auth middleware on the traefik endpoint correctly :wink:
Thanks in advance

So I just understand it's normal that I not have missing dashboard_stripprefix@internal and dashboard_redirect@internal when using insecure=false

I have understand too that the dashboard issue for links that not work is due to request like http://localhost:8080/dashboard without the ending slash

Sorry for troubles

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.