[SOLVED] Dashboard & API with Separate auth

asdf · May 8, 2021, 9:01pm

I'm running into an issue with the following scenario; I'm attempting to run traefik's dashboard behind authelia (for obvious reasons), but I also want the API secured with basic auth (for other reasons). Currently I'm attempting to test this using the api and dashboard as two different routers (one tied to authelia and one tied to basic auth) but it seems that no matter what I do, when I configure the API to use basic auth it also forces the dashboard to use basic auth despite what the dashboard itself says about the configured middlewares. Ans insight into why this is the case would be very much appreciated.

http:
  routers:
    api:
      rule: "Host(`traefik.xxxxxxxxxxxxxx.com`) && PathPrefix(`/api`)"
      entrypoints:
        - web
        - websecure
      service: api@internal
      middlewares:
        - default
        - authbasic
      tls: {}

    dashboard:
      rule: "Host(`traefik.xxxxxxxxxxxxxx.com`) && PathPrefix(`/dashboard`)"
      entrypoints:
        - web
        - websecure
      service: api@internal
      middlewares:
        - default
        - authelia
      tls: {}

Expected: Two endpoints, one serving basic auth and the other serving authelia.

Observed: Two seperate endpoints. API endpoint serving basic auth as intended, Dashboard serving Authelia and basic auth.

Any help is appreciated, but if you're bringing suggestions then keep them in the realm of my requirements.

cakiwi · May 9, 2021, 12:34am

Dashboard will access /api. So as you have it you will be prompted for both authentications.

asdf · May 9, 2021, 3:50pm

If that's the case then what's the best way to handle this? I'm not leaving the API Exposed without auth, but I'm not leaving basic auth for the dashboard in place either. There has to be a good way to address this.

cakiwi · May 9, 2021, 10:32pm

Keep a rule for dashboard that has both /api and /dashboard and using authelia.

Create another router that you use with authbasic. This rule cannot conflict with the other. You'll have to work out the approach you want to take.

A different Host rule
PathPrefix & StripPrefix middleware
Headers or HeadersRexexp

asdf · May 10, 2021, 12:31am

Perfect, I figured there was a deceptively simple solution

system · May 13, 2021, 12:32am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik BasicAuth Dashboard Traefik v2 docker , middleware	4	2836	June 1, 2020
Serving both Ping + API/Dashboard securely, but ping without requiring authentication Traefik v2 docker , docker-swarm , ping	3	1760	January 10, 2020
Try to add basic auth for dashboard, but failed due to priority problem Traefik v2 docker , dashboard-api	0	453	January 23, 2022
Dashboard basic_auth & stripprefix middlewares doesn't work together Traefik v2 docker , dashboard-api , middleware	2	1005	February 6, 2022
Different handling for /dashboard and /metrics Traefik v2 metrics , dashboard-api , middleware	3	349	July 16, 2023

[SOLVED] Dashboard & API with Separate auth

Related topics