Serving both Ping + API/Dashboard securely, but ping without requiring authentication

darkl0rd · January 10, 2020, 10:59am

In v1, one could setup Traefik to expose it's dashboard, api and ping, but the ping endpoint would not be subject to authentication.

In v2, I am unable to attach two services to the same router (api@internal, ping@internal) - and the middleware defined for authentication applies to the entire router; so even if I would get both services working on the same router, both would also be subject to authentication.

In v1 this was as simple as setting:

command:
  --entrypoints=Name: <http and https> ...
  --entrypoints=Name:traefik Address::8080 Auth.Basic.Users:...
  --api
  --api.dashboard
  --ping
  ...
labels:
  - traefik.port=8080
  - traefik.frontend.rule=traefik.my.domain

https://traefik.my.domain/dashboard -> required auth
https://traefik.my.domain/ping -> did not require auth

How can I achieve the same in Traefik v2?

darkl0rd · January 10, 2020, 11:32am

My solution in v2 at the moment:

services:
  traefik:
    ...
    ...
    labels:
      - "traefik.enable=true"
      # Dashboard
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.my.domain`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

      # Dashboard Authentication 
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:..."

      # Secure Ping endpoint
      - "traefik.http.routers.ping.rule=Host(`traefik.my.domain`) && Path(`/ping`)"
      - "traefik.http.routers.ping.tls=true"
      - "traefik.http.routers.ping.tls.certresolver=http"
      - "traefik.http.routers.ping.service=ping@internal"

Is this the preferred/correct approach?

ldez · January 10, 2020, 1:02pm

Hello, it's the correct approach.

Just a question: why do you want to expose your ping over internet?

darkl0rd · January 10, 2020, 6:32pm

Hi Idez,

To be able to perform ping probes from several different regions (For instance PingDom). This way I can determine amongst others availability of my web application from Asia and the USA.

Thanks.

Topic		Replies	Views
[SOLVED] Dashboard & API with Separate auth Traefik v2 (latest) middleware	5	1283	May 13, 2021
Traefik V2 with multiple non docker backend Traefik v2 (latest) file	3	2511	January 29, 2020
Different handling for /dashboard and /metrics Traefik v2 (latest) metrics , dashboard-api , middleware	3	276	July 16, 2023
How do i use forwardauth for Traefik dashboard? Traefik v2 (latest) docker , dashboard-api , middleware	7	2423	January 17, 2023
Allow access from one IP, require basic auth from all other sources Traefik v2 (latest) docker , middleware	4	2494	February 21, 2022

Serving both Ping + API/Dashboard securely, but ping without requiring authentication

Related Topics