Using secrets for basic auth in labels across multiple containers

Traefik Traefik v3 (latest)
, ,
1

I currently have traefik:v3.2.3 running, deployed as a docker container, along with the homepage app. They are not in the same stack, however they are sharing the same traefik network.

What I'm curious about is creating separate basic auth for them. Currently when I declare secrets for each of them in their own respective docker-compose.yml files, the traefik dashboard reports the homepage middleware secret doesn't exist.

However, when I add and declare it within the docker-compose.yml for traefik, the error goes away and I can access both. I'm assuming this is intentional? I would rather keep them separate and maintained within their own file structure as I'm deploying using Ansible Playbooks. It was also not enough to add both stacks to a homepage_network.

error from the dashboard:
open /run/secrets/HOMEPAGE_AUTH: no such file or directory

middleware yml for homepage:

http:
  middlewares:
    homepage-basic-auth:
      basicAuth:
        usersFile: "/run/secrets/HOMEPAGE_AUTH"
        realm: "Homepage Basic Auth Realm"

middleware yml for traefik:

http:
  middlewares:
    middlewares-basic-auth:
      basicAuth:
        usersFile: "/run/secrets/TRAEFIK_AUTH"
        realm: "Traefik 3 Basic Auth"

traefik docker-compose.yml:

secrets:
  # HOMEPAGE_AUTH:
  #   file: "./secrets/HOMEPAGE_AUTH.secret"
  TRAEFIK_AUTH:
    file: "./secrets/TRAEFIK_AUTH.secret"
  CF_API_EMAIL:
    file: "./secrets/CF_API_EMAIL.secret"
  CF_API_KEY:
    file: "./secrets/CF_API_KEY.secret"
  CF_DNS_API_TOKEN:
    file: "./secrets/CF_DNS_API_TOKEN.secret"
  CF_ZONE_API_TOKEN:
    file: "./secrets/CF_ZONE_API_TOKEN.secret"

services:
  traefik:
    image: traefik:v3.2.3
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik_network
    ports:
      - "88:80"
      - "8443:443"
      - "8080:8080"
    secrets:
      # - "HOMEPAGE_AUTH"
      - "TRAEFIK_AUTH"
      - "CF_API_EMAIL"
      - "CF_API_KEY"
      - "CF_DNS_API_TOKEN"
      - "CF_ZONE_API_TOKEN"
    environment:
      - "TZ=America/Chicago"
      - "TRAEFIK_AUTH_FILE=/run/secrets/TRAEFIK_AUTH"
      - "CF_API_EMAIL_FILE=/run/secrets/CF_API_EMAIL"
      - "CF_API_KEY_FILE=/run/secrets/CF_API_KEY"
      - "CF_DNS_API_TOKEN_FILE=/run/secrets/CF_DNS_API_TOKEN"
      - "CF_ZONE_API_TOKEN_FILE=/run/secrets/CF_ZONE_API_TOKEN"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /run/docker.sock:/run/docker.sock:ro
      - ./config:/etc/traefik
      - ./data/certs/:/var/traefik/certs/:rw
      - traefik-logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=middlewares-basic-auth@file"

homepage docker-compose.yml:

secrets:
  HOMEPAGE_AUTH:
    file: "./secrets/HOMEPAGE_AUTH.secret"

services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    container_name: homepage
    ports:
      - 3000:3000
    volumes:
      - ${HOMEPAGE_HOME_DIRECTORY}:/app/config # Make sure your local config directory exists
      - /var/run/docker.sock:/var/run/docker.sock # (optional) For docker integrations, see alternative methods
    secrets:
      - "HOMEPAGE_AUTH"
    environment:
      - "HOMEPAGE_FILE_HOMEPAGE_AUTH=/run/secrets/HOMEPAGE_AUTH"
      - "PUID=$PUID"
      - "PGID=$PGID"
    networks:
      - homepage_net
      - traefik_network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homepage.entrypoints=http"
      - "traefik.http.routers.homepage.rule=Host(`homepage.example.com`)"
      - "traefik.http.routers.homepage-https.entrypoints=https"
      - "traefik.http.routers.homepage-https.tls=true"
      - "traefik.http.routers.homepage-https.tls.certresolver=cloudflare"
      - "traefik.http.routers.homepage-https.rule=Host(`homepage.example.com`)"
      - "traefik.http.routers.homepage-https.middlewares=homepage-basic-auth@file"

networks:
  homepage_net:
    external: true
    name: homepage_net
  traefik_network:
    external: true
2

This ended up being a duplicate because of a new account so it wasn't posted for over a week.
Link to the more recent post. It has more details.

3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.