Hello.
I use the traefik binary on a fedora 34 and I tried to add a basicAuth middleware on the traefik endpoint to secure it. (without creation of an additionnal api entrypoint on 8080 because I have issue the this port is used). But it provide bugs on the dashboard (Dashboard home links to explore http services ; http middlewares not work ; On routers page, links to display services and middle ware not display the same number of services/middlewares on it and not work too). Missing services are dashboard_stripprefix@internal and dashboard_redirect@internal but probably works because the redirection from / to dashboard work...
My configuration is:
/etc/traefik/traefik.toml:
################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
#
################################################################
################################################################
# Global configuration
################################################################
[global]
checkNewVersion = false
sendAnonymousUsage = false
################################################################
# Entrypoints configuration
################################################################
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]
# Log level
#
# Optional
# Default: "ERROR"
#
#level = "DEBUG"
level = "DEBUG"
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "log/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]
[accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
[api]
# Enable the API in insecure mode
#
# Optional
# Default: false
#
# insecure = true
insecure = false
# Enabled Dashboard
#
# Optional
# Default: true
#
# dashboard = false
dashboard = true
################################################################
# Ping configuration
################################################################
# Enable ping
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
[providers.docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# endpoint = "tcp://10.10.10.10:2375"
endpoint = "unix:///var/run/docker.sock"
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
# defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# exposedByDefault = false
################################################################
# Use file providersfor traefik internal dynamic configuration to add basic auth
################################################################
[providers.file]
directory = "/etc/traefik/conf"
watch = true
and /etc/traefik/conf/dynamic.toml:
################################################################
# Dashboard secure
################################################################
[http]
[http.routers]
# create router for api
[http.routers.api_router]
entryPoints = ["traefik"]
service = "api@internal"
# rule = "(Host(`traefik.localhost`) && PathPrefix(`/api`) || Host(`localhost`) && PathPrefix(`/api`))"
rule = "PathPrefix(`/api`)"
middlewares = ["authbasic"]
# create router for dashboard
[http.routers.dashboard_router]
entryPoints = ["traefik"]
service = "dashboard@internal"
# rule = "(Host(`traefik.localhost`) && PathPrefix(`/dashboard`) || Host(`localhost`) && PathPrefix(`/dashboard`))"
rule = "PathPrefix(`/`)"
middlewares = ["authbasic"]
[http.middlewares]
# create middleware to enable basic authentication (htpasswd -nB admin) #passwd=admin
[http.middlewares.authbasic.basicAuth]
users=[
"admin:$2y$05$ZsOMMPU./eBsV2m2rQBdDuv4RGhGbVZqmK7P/V25bJufeUfotH2B6"
]
If you have an idea about how to add this basic auth middleware on the traefik endpoint correctly
Thanks in advance