Syntax for multiple middlewares (HTTPS redirect and auth)

Hi,

I'm currently in the process of migrating from v1 to v2. This is a working v1 example for Docker I have:

      traefik.backend: resilio
      traefik.enable: "true"
      traefik.frontend.rule: Host:resilio.mytld
      traefik.port: "8888"
      traefik.frontend.auth.basic.users: "xxxxxx:xxxxxxxx"

I cannot figure out how to migrate this to v2. Currently my attempt looks like this:

     traefik.http.routers.web.rule: Host(`resilio.mytld`)
     traefik.http.routers.web.entrypoints: web
     traefik.http.routers.web.middlewares: redirect@file
     traefik.http.routers.web-secured.rule: Host(`resilio.mytld`)
     traefik.http.routers.web-secured.entrypoints: web-secure
     traefik.http.routers.web-secured.tls: true
     traefik.http.routers.web-secured.service: resilio
     traefik.http.services.resilio.loadbalancer.server.port: 8888

This should work for the HTTPS router pointing to the service listening on HTTPS, shouldn't it?

However, I have two questions:

  1. What is the proper syntax for adding multiple middlewares to a router with labels for a Docker container definition? The documentation says: A list. Since I am defining the containers via the Ansible docker_container module, one could assume a list in YAML style, but that cannot apply for a "simple" docker run command.
  2. What does the redirect@file middleware do? It is copy-pasted from the docs, but according to the docs there does not exist a redirect@file middleware. Wouldn't a RedirectScheme be more appropriate, like described in the lists of middlewares?

Maybe someone can help me accomplish my goal of translating the above v1 snippet to a v2 snippet which does the same, so I can adapt it to my other services.

I had a very similar question here Global http to https redirect in v2 .. but not label related. Similar assumption but yet similar unsure 🙂

I'm also still learning and deciphering the documentation, but I think this will help...

First, the @file syntax is a provider reference to dynamic file configuration. In order for your labels to work, you'd load a dynamic configuration that contained something like the following:

    [http.middlewares]
      [http.middlewares.redirect.redirectscheme]
        scheme = "https"
      [http.middlewares.auth.basicAuth]
        users = [
          "user:$$encodedpassword123$$",
        ]

Note that "redirect" and "auth" are arbitrary names we're using in this example that reference the middleware configuration.

Then, because I don't believe they're referring to a YAML list but rather a literal list, in order to load both auth and redirect middlewares, I believe you'd do:

     - "traefik.http.routers.web.rule=Host(`resilio.mytld`)"
     - "traefik.http.routers.web.entrypoints=web"
     - "traefik.http.routers.web.middlewares=redirect@file, auth@file"
     - "traefik.http.routers.web-secured.rule=Host(`resilio.mytld`)"
     - "traefik.http.routers.web-secured.entrypoints=web-secure"
     - "traefik.http.routers.web-secured.tls=true"
     - "traefik.http.routers.web-secured.service=resilio"
     - "traefik.http.services.resilio.loadbalancer.server.port=8888"

That said, you may want to attach your auth middleware to your secured route?

Again, any part of this may be incorrect as the docs have felt incomplete and a bit hard to follow for me thus far, but hopefully it helps you along.

1 Like

@emce No, you got it right. 🙂 redirect@file is indeed how you refer to a middleware arbitrarily named redirect, which would be defined for the file provider, i.e. in a dynamic file configuration.

Also, yes, a comma separated list should be the syntax to refer to a list of middlewares in a router, as confirmed in: https://docs.traefik.io/v2.0/reference/dynamic-configuration/docker/

1 Like

Thanks for your answers. They have helped me a bit. However, currently I am struggling with the dynamic file configuration.
I have created a directory called conf.d and mounted it in /conf.d in the traefik container.
I reference this directory in the traefik.yaml with the following snippet:

    providers:
      file:
        directory: /conf.d
        watch: true

Inside this directory there is a file called redirect.yaml with the following content:

    http:
      middlewares:
        redirect:
          redirectScheme:
            scheme: https

And these are the labels with which I want to make the Traefik dashboard available via HTTP-to-HTTPS redirect and basic auth:

    labels:
      traefik.enable: "true"
      traefik.http.routers.api.rule: "Host(`traefik.mydomain`)"
      traefik.http.routers.api.middlewares: "redirect@file"
      traefik.http.routers.api-secured.rule: "Host(`traefik.mydomain`)"
      traefik.http.routers.api-secured.middlewares: "auth"
      traefik.http.routers.api-secured.service: "api@internal"
      traefik.http.middlewares.auth.basicauth.users: "user.$pass$"

I already was successful with accessing the dashboard via plaintext HTTP, but the current configuration gives me these errors:

    time="2019-09-19T08:37:26Z" level=info msg="Configuration loaded from file: /traefik.yaml"
    time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=web routerName=api@docker
    time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=web-secure routerName=api@docker
    time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=traefik routerName=api@docker

Why?

I fixed it. I didn't notice I already had a provider section for docker. Now everything's fine. Next step: Catchall HTTPS redirect, but I'll look into @EugenMayer's thread for that.
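
Added example, not part of any post in this thread and not Traefik's own code: a pre-deployment check that resolves each router's comma-separated middleware list against what the docker labels and the file provider define, which is the lookup that fails in the log above. The function names and the dict-shaped inputs are assumptions made for illustration, and only the docker and file providers are covered.

```python
import re

# Constructed sample: the dashboard labels from the thread as a flat dict
# (the basic-auth value is a placeholder, not a real credential).
LABELS = {
    "traefik.http.routers.api.rule": "Host(`traefik.mydomain`)",
    "traefik.http.routers.api.middlewares": "redirect@file",
    "traefik.http.routers.api-secured.rule": "Host(`traefik.mydomain`)",
    "traefik.http.routers.api-secured.middlewares": "auth",
    "traefik.http.routers.api-secured.service": "api@internal",
    "traefik.http.middlewares.auth.basicauth.users": "user:placeholder-hash",
}

# Constructed sample: /conf.d/redirect.yaml from the thread, already parsed.
FILE_CONFIG = {"http": {"middlewares": {"redirect": {"redirectScheme": {"scheme": "https"}}}}}

ROUTER_MW = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$", re.I)
MW_DEF = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.", re.I)


def defined_middlewares(labels, file_config):
    """Return the qualified names (name@provider) that are actually defined."""
    known = {f"{m.group(1)}@docker" for k in labels if (m := MW_DEF.match(k))}
    file_mws = (file_config or {}).get("http", {}).get("middlewares", {})
    return known | {f"{name}@file" for name in file_mws}


def unresolved(labels, file_config):
    """List (router, reference) pairs that point at an undefined middleware."""
    known = defined_middlewares(labels, file_config)
    missing = []
    for key, value in sorted(labels.items()):
        m = ROUTER_MW.match(key)
        if not m:
            continue
        # The label value is one string holding a comma-separated list.
        for ref in (r.strip() for r in value.split(",") if r.strip()):
            # A bare name is looked up in the router's own provider (docker here).
            qualified = ref if "@" in ref else f"{ref}@docker"
            if qualified not in known:
                missing.append((f"{m.group(1)}@docker", qualified))
    return missing
```

Passing `None` as `file_config` models a Traefik instance whose file provider never loaded: `unresolved(LABELS, None)` then reports `redirect@file` for router `api@docker`, matching the logged error.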

Just to ask - is it better to configure redirects to http via ENTRYPOINT or MIDDLEWARE? Are there any advantages / disadvantages?
