In the end, after a LOT of time spent on configuration, I’m out of ideas. Something that’s supposed to be quite simple is becoming rather complicated. Hopefully, someone else can help me find the solution.
I’m trying to run a container with Traefik. Instead of putting all the configuration in the container's docker-compose file (docker-compose.yml), as many people do, I’m placing the configuration in a dedicated file (traefik.yml) since that’s more flexible for me.
I have the following docker-compose.yml file for Traefik:
version: "3.8"
services:
traefik:
image: traefik:latest
hostname: traefik
container_name: traefik
restart: unless-stopped
command:
- "--configFile=/traefik.yml"
networks:
- traefik_gw_bridge
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- ./traefik.yml:/traefik.yml
- logs:/logs
- letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
healthcheck:
test: ["CMD", "traefik", "healthcheck", "--ping"]
interval: 10s
timeout: 6s
retries: 2
start_period: 5s
networks:
traefik_gw_bridge:
driver: bridge
external: true
volumes:
letsencrypt:
logs:
And these are the configuration parameters I am using for traefik.yml:
api:
dashboard: true
insecure: false
ping:
entryPoint: web
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
traefik:
address: ":8080"
http:
routers:
dashboard:
rule: "Host(`traefikdash.mydomain.com`)"
entryPoints:
- traefik
service: api@internal
middlewares:
- auth
middlewares:
auth:
basicAuth:
users:
- "admin:$apr1$Nzj4xQwY$QiXQ/eYHzKTFS.Lx.6XG71"
log:
filePath: "/logs/traefik.log"
format: json
level: DEBUG
accessLog:
filePath: "/logs/access.log"
bufferingSize: 150
certificatesResolvers:
le:
acme:
email: "[email protected]"
storage: "/letsencrypt/acme.json"
httpChallenge:
entryPoint: "web"
Logically, in the following part of the configuration file, I am trying to define a router to set up basic authentication with a username and password for the Dashboard:
http:
routers:
dashboard:
rule: "Host(`traefikdash.mydomain.com`)" # Reemplaza `yourdomain.com` con tu dominio
entryPoints:
- traefik
service: api@internal
middlewares:
- auth
middlewares:
auth:
basicAuth:
users:
- "admin:$apr1$Nzj4xQwY$QiXQ/eYHzKTFS.Lx.6XG71"
I am unable to get the result I want. When I access traefikdash.mydomain.com
or traefikdash.mydomain.com:8080
or traefikdash.mydomain.com:8080/dashboard
/ traefikdash.mydomain.com/dashboard
, I simply get the following responses from Traefik and my browser:
- HTTP 404 Page not found
- Error connection refused
After trying various types of configurations, I simply can't find much more information on how to implement HTTP basic auth to access the Traefik Dashboard.
Finally, I found the solution.
The Traefik documentation isn't bad, but sometimes it isn't very specific either, and I needed to rely on the StackOverflow community to find the answer definitively.
Traefik handles dedicated configurations (configuration files) in different ways.
The dynamic configuration is basically the configuration of routers and middlewares provided to each provider, in my case, Static File Configuration.
So, finally, from traefik.yml, you need to reference a dynamic configuration file where you can implement HTTP Basic Auth, as follows:
In this way, when I accessed my URL domain, e.g.,
yourdomain.domain.com:8080
, it correctly prompted me for user authentication.