Securing the dashboard ipwhitelist

I'm trying to limit access to the Traefik dashboard using the ipwhitelist function.

I'm using ipwhitelist in the way you see below, but I can still access it from different networks like 10.10.40.1/24.

Is there a way to solve this? I'm using a valid domain and a Let's Encrypt cert, but I don't want it to be accessed from the internet, although I'm not publishing this CNAME.

Basically I don't want this app to be accessed from anywhere except 10.10.10.1/24.

###############################################################
# Traefik 
###############################################################

version: '3.9'

# Services ####################################################

services:

  traefik:
    container_name: Traefik
    image: traefik:latest
    restart: unless-stopped
    depends_on:
      - socketproxy
    networks:
      socketproxy: # rename this to your custom docker network
      br2:
        ipv4_address: 10.10.50.250
    dns: 10.10.50.5
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard port
    volumes:
      - "/mnt/user/Docker/Traefik:/etc/traefik/"
    environment:
      - TZ
      - DOCKER_HOST=socketproxy
      - CF_API_EMAIL=asdasdasdasda@gmail.com
      - CF_DNS_API_TOKEN=asdasdasdasdasdasd    
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.traefik-dashboard.ipwhitelist.sourcerange=10.10.10.1/24"
      #- "traefik.http.middlewares.traefik-dashboard-ipwhitelist.ipwhitelist.ipstrategy.depth=2"
      - "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080" #required
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.testest.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.service=api@internal" #required
      #- "traefik.http.routers.api.service=api@internal" #required
      #- "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
      #- "traefik.http.routers.traefik-dashboard.entrypoints=https443"

  socketproxy:
    container_name: Traefik_socket-proxy
    image: tecnativa/docker-socket-proxy
    restart: unless-stopped
    networks:
      - socketproxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      - CONTAINERS=1
      - POST=0
    privileged: true

networks:
  br2:
    driver: macvlan
    external: true
  socketproxy:
    internal: true

Doesn't appear as middlewares
- "traefik.http.middlewares.traefik-dashboard.ipwhitelist.sourcerange=10.10.10.1/24"

You need to create and assign the middleware (doc).

Thanks

  - "traefik.http.middlewares.localwhitelist2.ipwhitelist.sourcerange=10.10.10.1/24"
  - "traefik.http.routers.traefik-dashboard.middlewares=localwhitelist2"
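A label audit for the mistake resolved in this thread, as an added example (not code from the posters or the Traefik project): it flags middlewares that are defined but never attached to a router, references to middlewares that are not defined, and routers with no IP filter attached. The label lists are constructed from the thread's own labels; `audit` and its result keys are hypothetical names.

```python
import re

# Constructed sample: dashboard labels as in the question (middleware defined, never attached).
ROUTER = [
    "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.testest.com`)",
    "traefik.http.routers.traefik-dashboard.service=api@internal",
]
LABELS_BEFORE = ROUTER + [
    "traefik.http.middlewares.traefik-dashboard.ipwhitelist.sourcerange=10.10.10.1/24",
]
# Constructed sample: the same router plus the two labels from the final reply.
LABELS_AFTER = ROUTER + [
    "traefik.http.middlewares.localwhitelist2.ipwhitelist.sourcerange=10.10.10.1/24",
    "traefik.http.routers.traefik-dashboard.middlewares=localwhitelist2",
]

KEY = re.compile(r"^traefik\.http\.(middlewares|routers)\.([^.]+)\.(.+)$", re.I)
IP_FILTERS = {"ipwhitelist", "ipallowlist"}  # ipallowlist: newer name for the same middleware


def audit(labels):
    """Hypothetical helper: cross-check middleware definitions against router attachments."""
    defined, attached, routers = {}, {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        m = KEY.match(key.strip())
        if not m:
            continue
        kind, name, rest = m.group(1).lower(), m.group(2), m.group(3).lower()
        if kind == "middlewares":
            defined[name] = rest.split(".")[0]  # middleware type, e.g. "ipwhitelist"
        else:
            routers.add(name)
            if rest == "middlewares":
                refs = [v.strip() for v in value.split(",") if v.strip()]
                # name@provider points outside these labels unless the provider is docker
                attached[name] = [r.split("@")[0] for r in refs
                                  if "@" not in r or r.endswith("@docker")]
    used = {mw for mws in attached.values() for mw in mws}
    return {
        "unused_middlewares": sorted(set(defined) - used),
        "undefined_references": sorted(used - set(defined)),
        "routers_without_ip_filter": sorted(
            r for r in routers
            if not any(defined.get(mw) in IP_FILTERS for mw in attached.get(r, []))),
    }


if __name__ == "__main__":
    print(audit(LABELS_BEFORE))
    print(audit(LABELS_AFTER))
```

A router whose IP filter comes from another provider (for example `name@file`) is still reported under `routers_without_ip_filter`, because its definition is not visible in the labels.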
