I'm using Uptime-Kuma for some monitoring, and I'm using Authentik to put some authentication in front of it. I've got it all working fine for normal flows. But now I'd like to be able to exclude a specific path from authentication (a status page which I would like to make public). The path is:
labels:
# Reverse proxy config
traefik.enable: "true"
traefik.http.routers.uptime-kuma.rule: "Host(`monitor.${PUBLIC_DOMAIN_NAME}`) && !PathPrefix(`/status/`)"
traefik.http.routers.uptime-kuma.entrypoints: "websecure"
traefik.http.routers.uptime-kuma.priority: "1"
traefik.http.routers.uptime-kuma.tls: "true"
traefik.http.services.uptime-kuma.loadbalancer.server.port: "${UPTIME_KUMA_PORT:?[uptime-kuma] Port missing}"
traefik.http.routers.uptime-kuma.middlewares: "authentik@file"
----> # Config below added to exclude path
# Router for /status/main (this excludes authentik middleware)
traefik.http.routers.uptime-kuma-status.rule: "Host(`monitor.${PUBLIC_DOMAIN_NAME}`) && PathPrefix(`/status/`)"
traefik.http.routers.uptime-kuma-status.entrypoints: "websecure"
traefik.http.routers.uptime-kuma-status.priority: "99"
traefik.http.routers.uptime-kuma-status.tls: "true"
traefik.http.routers.uptime-kuma-status.middlewares: "" # I've also tried removing this line completely
However, when I try to access the URL with /status/main, I get a blank white page. In the Chrome dev tools> Network tab I see some calls to my Authentik URL (they fail with a CORS error, but they are attempting to load).
Any advice on how I can update my config to remove the middleware correctly?
Yeah, I wasn't sure about the middlewares line either. For the record, I tested both with and without it.
I did add the port back in, but I'm getting a weird conflict error. I add this line (similar to the line I use to define the port for the main 'uptime-kuma' service):
traefik.http.services.uptime-kuma-status.loadbalancer.server.port: "${UPTIME_KUMA_PORT:?[uptime-kuma] Port missing}"
But then I get this error in the Traefik logs:
2024-11-17T10:08:35Z ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:497 > Router uptime-kuma-status cannot be linked automatically with multiple Services: ["uptime-kuma-status" "uptime-kuma"] providerName=docker routerName=uptime-kuma-status
2024-11-17T10:08:35Z ERR github.com/traefik/traefik/v3/pkg/provider/configuration.go:497 > Router uptime-kuma cannot be linked automatically with multiple Services: ["uptime-kuma-status" "uptime-kuma"] providerName=docker routerName=uptime-kuma
I try to specify the services explicitly by adding:
I found the problem, quite obvious in the end. My Traefik configuration was fine, but in order to load the page I needed, I needed some assets from the site, which was what triggered the authentication middleware.
I updated my config to the following, and things all look fine.
labels:
# Reverse proxy config
traefik.enable: "true"
traefik.http.routers.uptime-kuma.rule: "Host(`monitor.${PUBLIC_DOMAIN_NAME}`)"
traefik.http.routers.uptime-kuma.entrypoints: "websecure"
traefik.http.routers.uptime-kuma.tls: "true"
traefik.http.routers.uptime-kuma.middlewares: "authentik@file"
traefik.http.routers.uptime-kuma.service: "uptime-kuma"
traefik.http.services.uptime-kuma.loadbalancer.server.port: "${UPTIME_KUMA_PORT:?[uptime-kuma] Port missing}"
# Disable authentication for '/status/' path and subpaths
# Also including '/assets/', '/upload/' and '/api/' to allow the page to load required information
traefik.http.routers.uptime-kuma-status.rule: "Host(`monitor.${PUBLIC_DOMAIN_NAME}`) && (PathPrefix(`/status/`) || PathPrefix(`/assets/`) || PathPrefix(`/upload/`) || PathPrefix(`/api/`))"
traefik.http.routers.uptime-kuma-status.entrypoints: "websecure"
traefik.http.routers.uptime-kuma-status.tls: "true"
traefik.http.routers.uptime-kuma-status.service: "uptime-kuma"