Hi. I installed Traefik using traefik.yaml under /etc/traefik. I have another directory called mypage. In this dir I run my HTML with nginx using Docker, and in this specific dir I would like to use Docker Compose to run my web app (running in nginx) with Traefik as a reverse proxy, and I also need to add authorization using OAuth2. But these two config files are not in the same network. Do you have any ideas?
Using Docker Swarm and "not on the same network"?
Please share your Traefik static and dynamic config, and `docker-compose.yml` if used.
```yaml
version: '3'

services:
  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    environment:
      - PROVIDERS_GOOGLE_CLIENT_ID=your-client-id
      - PROVIDERS_GOOGLE_CLIENT_SECRET=your-client-secret
      - SECRET=something-random
      - INSECURE_COOKIE=true # Example assumes no https, do not use in production
    labels:
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
    volumes:
      - /etc/traefik/traefik.yaml:/etc/traefik/traefik.yaml

  mypage:
    image: "mypage"
    container_name: 'mypage'
    scale: 1
    labels:
      - "traefik.http.routers.mypage.rule=Host(`my.domain`)"
      - "traefik.http.routers.mypage.middlewares=traefik-forward-auth"
```
I installed Traefik on my server using a traefik.yaml file under /etc/traefik,
but I have a container running an HTML web page in my home dir, so how can I use Traefik as a reverse proxy in that way?
For better readability please format your config with 3 backticks or use the `</>` button when code is selected.
```yaml
entrypoints:
  web:
    address: ":85"

tls:
  stores:
    default:
      # generates self-signed certificates
      defaultCertificate:

providers:
  file:
    filename: /etc/traefik/traefik.yaml
    watch: true

providers.docker:
  endpoint: "unix:///var/run/docker.sock"
  defaultRule: "Host(`{{ normalize .Name }}.my.domain`)"

http:
  routers:
    traefik:
      middlewares: "basicauth"
  middlewares:
    basicauth:
      basicAuth:
        removeHeader: true
        users:
          - user:password
    zitadel:
      headers:
        isDevelopment: false
        allowedHosts:
          - 'my.domain'
        customRequestHeaders:
          :authority: 'my.domain'
  routers:
    # Redirect HTTP to HTTPS
    router0:
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      rule: 'HostRegexp(`my.domain`, `{subdomain:[a-z]+}.my.domain`)'
      service: zitadel
    # The actual ZITADEL router
    router1:
      entryPoints:
        - websecure
      service: zitadel
      middlewares:
        - zitadel
      rule: 'HostRegexp(`my.domain`, `{subdomain:[a-z]+}.my.domain`)'
      tls:
        domains:
          - main: "my.domain"
            sans:
              - "*.my.doamin"
              - "my.domain"
  # Add the service
  services:
    zitadel:
      loadBalancer:
        servers:
          # h2c is the scheme for unencrypted HTTP/2
          - url: h2c://zitadel:8080
        passHostHeader: true
```
Hi, thank you for your response.
I have this config file under /etc/traefik
and I need to serve an HTML web page using Traefik OAuth2. My HTML page is in another dir under home and it has a Docker Compose file in that dir, so how can I change my Docker Compose or my Traefik configuration to serve it with OAuth2?
```yaml
services:
  traefik-forward-auth:
    image: thomseddon/traefik-forward-auth:2
    environment:
      - PROVIDERS_GOOGLE_CLIENT_ID=your-client-id
      - PROVIDERS_GOOGLE_CLIENT_SECRET=your-client-secret
      - SECRET=something-random
      - INSECURE_COOKIE=true # Example assumes no https, do not use in production
    labels:
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
      - "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
    volumes:
      - /etc/traefik/traefik.yaml:/etc/traefik/traefik.yaml

  mypage:
    image: "mypage"
    container_name: 'mypage'
    scale: 1
    labels:
      - "traefik.http.routers.mypage.rule=Host(`my.domain`)"
      - "traefik.http.routers.mypage.middlewares=traefik-forward-auth"
```
Traefik has 2 types of configuration: static and dynamic.
Static goes into `traefik.yml` (or in `docker-compose.yml` below `command`) and includes elements like `entrypoint`, `providers` and `certresolver`.
Dynamic config goes into a separate file (or on Docker service labels) and includes elements like `routers`, `services`, custom `TLS` certs.
Dynamic config is loaded in the static config with a `provider`, like `provider.file` for a file or `provider.docker` for the labels.
Limitations: note that some dynamic configuration like `loadbalancer.servers.url` is only available via file, not via labels.
So if I have a web app running in the container locally, what should I specify in the static config and what should I specify in Docker Compose?
Because I need to use Traefik with Zitadel and a web page, I need to have a configuration for both.
Normally you would use Traefik in Docker, too, that way it can use a Docker network to connect the service. Simple Traefik example.
If you want to leave Traefik on the machine directly, you need to set up `router` and `service` in a file, use `loadbalancer.servers.url`. Docs.
```yaml
entrypoints:
  web:
    address: ":80"

providers:
  file:
    filename: /etc/traefik/traefik.yaml

http:
  middlewares:
    zitadel:
      headers:
        isDevelopment: false
        allowedHosts:
          - 'localhost'
        customRequestHeaders:
          :authority: 'localhost'
  routers:
    router0:
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      rule: 'HostRegexp(`localhost`, `{subdomain:[a-z]+}.localhost`)'
      service: zitadel
  services:
    zitadel:
      loadBalancer:
        servers:
          - url: h2c://localhost:8080
        passHostHeader: true
```
From the documentation of Zitadel I have this traefik.yaml, but when I use `systemctl start traefik` it has the error:

```
level=error msg="Error occurred during watcher callback: yaml: line 54: did not find expected '-' indicator" providerName=file
```
This seems wrong to me:
Hi
I need this config file and I can't change it because it is from the Zitadel documentation.
I need to use Traefik as a reverse proxy and Zitadel for tokens, and protect an HTML web page with OAuth2 in Traefik.
I could not find OAuth2 in Traefik, do you know about that?
Traefik is a reverse proxy. You can use ForwardAuth to redirect requests for authorization (docs). But I think you need an (external) "adapter" to use OAuth services with this.
I have Zitadel to check the credentials with it. Do you mean that or something different?
Traefik offers ForwardAuth, see docs link above. You need to check if your auth solution is compatible with the API, or you need to find/build a bridge to translate between the two.
OK, I found the answer but now I have the error:

```
msg="service \"test-auth\" error: unable to find the IP address for the container \"/test-auth\": the server is ignored" prov
msg="middleware \"redirect-to-https@file\" does not exist" entryPointName=web routerName=router0@file
msg="middleware \"zitadel@docker\" does not exist" routerName=mypage@docker entryPointName=web
```
Hi @farnooshaslan,
It seems that the server URL associated with the test-auth is not reachable.
The other errors are misconfiguration, the referenced middleware is not present either because there is an issue in the configuration or because you are not using the right provider namespace (the `@file` and `@docker`).
I advise you to build step by step a single docker-compose that contains your application, traefik, and zitadel. You can start by adding your application in your docker-compose and see that everything works, then add traefik in the docker-compose and expose your service without middleware.
Once Traefik exposes your application well, add zitadel in the docker-compose.
Once all these steps are done, you can take out bricks from your docker again if you have the need.
To help you efficiently, please share your complete docker-compose and the traefik logs (with a debug level log).
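
The provider-namespace mismatch described in the reply above can be caught before Traefik is started. The following is an added example, not code from the thread or from Traefik: the file-provider config and Docker labels are constructed sample data modelled on the two "does not exist" errors quoted earlier, and `parse_labels` and `missing_middlewares` are hypothetical helper names.

```python
# Check that every middleware a router references exists in the provider
# namespace Traefik will look in. All data below is constructed sample data.
FILE_CONFIG = {  # dynamic config as loaded by the file provider (constructed)
    "http": {
        "middlewares": {"zitadel": {"headers": {"allowedHosts": ["my.domain"]}}},
        "routers": {"router0": {"middlewares": ["redirect-to-https"], "service": "zitadel"}},
    }
}

DOCKER_LABELS = [  # labels on the mypage container (constructed)
    "traefik.http.routers.mypage.rule=Host(`my.domain`)",
    "traefik.http.routers.mypage.middlewares=zitadel",
]


def parse_labels(labels):
    """Collect router -> middleware references and defined middleware names."""
    routers, defined = {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        parts = key.split(".")
        if parts[:2] != ["traefik", "http"] or len(parts) < 5:
            continue
        kind, name, option = parts[2], parts[3], parts[4]
        if kind == "middlewares":
            defined.add(name)
        elif kind == "routers":
            routers.setdefault(name, [])
            if option.lower() == "middlewares":
                routers[name] += [m.strip() for m in value.split(",") if m.strip()]
    return routers, defined


def missing_middlewares(file_config, docker_labels):
    """Return sorted (router@provider, middleware@provider) pairs that do not resolve."""
    http = file_config.get("http", {})
    file_routers = {n: r.get("middlewares", []) for n, r in http.get("routers", {}).items()}
    docker_routers, docker_defined = parse_labels(docker_labels)
    defined = {f"{m}@file" for m in http.get("middlewares", {})}
    defined |= {f"{m}@docker" for m in docker_defined}
    missing = []
    for provider, routers in (("file", file_routers), ("docker", docker_routers)):
        for router, refs in routers.items():
            for ref in refs:
                # A bare name is looked up in the router's own provider namespace.
                qualified = ref if "@" in ref else f"{ref}@{provider}"
                if qualified not in defined:
                    missing.append((f"{router}@{provider}", qualified))
    return sorted(missing)
```

With the sample data the function reports the same two pairs as the log lines above. Referencing the file-defined middleware as `zitadel@file` in the label and defining `redirect-to-https` in the file provider makes it return an empty list.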