Serving both Ping + API/Dashboard securely, but ping without requiring authentication

Traefik Traefik v2
, ,
1

In v1, one could setup Traefik to expose it's dashboard, api and ping, but the ping endpoint would not be subject to authentication.

In v2, I am unable to attach two services to the same router (api@internal, ping@internal) - and the middleware defined for authentication applies to the entire router; so even if I would get both services working on the same router, both would also be subject to authentication.

In v1 this was as simple as setting:

command:
  --entrypoints=Name: <http and https> ...
  --entrypoints=Name:traefik Address::8080 Auth.Basic.Users:...
  --api
  --api.dashboard
  --ping
  ...
labels:
  - traefik.port=8080
  - traefik.frontend.rule=traefik.my.domain

https://traefik.my.domain/dashboard -> required auth
https://traefik.my.domain/ping -> did not require auth

How can I achieve the same in Traefik v2?

2

My solution in v2 at the moment:

services:
  traefik:
    ...
    ...
    labels:
      - "traefik.enable=true"
      # Dashboard
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.my.domain`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

      # Dashboard Authentication 
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:..."

      # Secure Ping endpoint
      - "traefik.http.routers.ping.rule=Host(`traefik.my.domain`) && Path(`/ping`)"
      - "traefik.http.routers.ping.tls=true"
      - "traefik.http.routers.ping.tls.certresolver=http"
      - "traefik.http.routers.ping.service=ping@internal"

Is this the preferred/correct approach?

3

Hello, it's the correct approach.

Just a question: why do you want to expose your ping over internet?

4

Hi Idez,

To be able to perform ping probes from several different regions (For instance PingDom). This way I can determine amongst others availability of my web application from Asia and the USA.

Thanks.