Authentication failure with traefik:2.2.1

Traefik Traefik v2 (latest)
, ,
1

Hello Community!

these are the steps i follow to set up traefik using docker cli and labels, I have a problem setting up the authentication where I need you help!!

  1. Network with the name 'dmz' is created
docker network create dmz
  1. starting traefik with access to the docker network dmz and listening to 80, 443 and 8080 ports:
docker run --rm --name traefik \
  --network dmz  -d \
  -p 80:80 -p 443:443 -p 8080:8080 traefik:v2.2.1 
  -v /var/run/docker.sock:/var/run/docker.sock:ro 
  -v /home/bob/acme.json:/acme.json
  1. label used and their usage
Label name Label value Label type Description
traefik.http.routers.http-catchall.rule HostRegexp(`{host:.+}`) Router(HostRegexExp Rule) creation A router object with the name http-catchall
traefik.http.routers.http-catchall.middlewares redirect-to-https middlewares assignment A middelware object reference
traefik.http.routers.http-catchall.entrypoints http entryPoint assignment An entrypoint reference
traefik.http.routers.api.rule Host("ci.domain.com") Router Host Rule creation A router object that handles request to ci.domain.com
traefik.http.routers.api.entrypoints http-alt entryPoint assignment Assign an entryPoint "http-alt" to the router object "api"
traefik.http.routers.api.service api@internal Service assignment Assign a Service "api-interal" to the router object "api"
traefik.http.routers.api.middlewares auth middelware assignment assignment a middelware "auth" for the router object "api"
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme https middelware definition Define a middelware redirect-to-https
traefik.http.middlewares.auth.basicauth.users admin:admin middelware definition Define a BasicAuth middelware and name it as "auth"
  1. traefik docker image cli configuration:
  --global.checkNewVersion=true \
  --api=true \
  --api.debug=true \
  --api.dashboard=true \
  --log=true \
  --log.level=DEBUG \
  --accessLog=true \
  --providers.docker=true \
  --providers.docker.swarmMode=false \
  --entryPoints.http.address=:80 \
  --entryPoints.https.address=:443 \
  --entryPoints.http-alt.address=:8080 \
  --providers.docker.network=dmz \
  --certificatesResolvers.ci-domain.acme.email=info@domain.com \
  --certificatesResolvers.ci-domain.acme.storage=acme.json \
  --certificatesResolvers.ci-domain.acme.httpChallenge.entryPoint=http \
  --certificatesResolvers.ci-domain.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
  1. create user password pair:
root@b663a6c4fb6b:/# #according to:  https://docs.traefik.io/v2.0/middlewares/basicauth/
root@b663a6c4fb6b:/# #echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
root@b663a6c4fb6b:/# #echo $(htpasswd -nb admin admin) | sed -e s/\\$/\\$\\$/g
root@b663a6c4fb6b:/# echo $(htpasswd -nb admin admin) | sed -e s/\\$/\\$\\$/g
admin:$$apr1$$42hHNsKl$$.Y7GgFRJ4HEaii4GxOCMp0
root@b663a6c4fb6b:/#
  1. final docker cli with encrypted user:passwords
docker run --rm --name traefik \
  --network dmz  -d \
  -p 80:80 -p 443:443 -p 8080:8080 \
  --label="traefik.http.routers.http-catchall.rule=HostRegexp(\`{host:.+}\`)"  \
  --label="traefik.http.routers.http-catchall.middlewares=redirect-to-https"  \
  --label="traefik.http.routers.http-catchall.entrypoints=http"  \
  --label="traefik.http.routers.api.rule=Host(\"ci.domain.com\")" \
  --label="traefik.http.routers.api.entrypoints=http-alt" \
  --label="traefik.http.routers.api.service=api@internal" \
  --label="traefik.http.routers.api.middlewares=auth"\
  --label="traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" \
  --label="traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$42hHNsKl$$.Y7GgFRJ4HEaii4GxOCMp0" \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /home/bob/acme.json:/acme.json \
  traefik:v2.2.1 \
  --global.checkNewVersion=true \
  --api=true \
  --api.debug=true \
  --api.dashboard=true \
  --log=true \
  --log.level=DEBUG \
  --accessLog=true \
  --providers.docker=true \
  --providers.docker.swarmMode=false \
  --entryPoints.http.address=:80 \
  --entryPoints.https.address=:443 \
  --entryPoints.http-alt.address=:8080 \
  --providers.docker.network=dmz \
  --certificatesResolvers.ci-domain.acme.email=info@domain.com \
  --certificatesResolvers.ci-domain.acme.storage=acme.json \
  --certificatesResolvers.ci-domain.acme.httpChallenge.entryPoint=http \
  --certificatesResolvers.ci-domain.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
  1. the errors i do get when i try to login:
184.105.139.69 - - [05/May/2020:15:31:04 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 83 "-" "-" 0ms
time="2020-05-05T15:46:19Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:19 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 84 "api@docker" "-" 0ms
time="2020-05-05T15:46:21Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:21 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 85 "api@docker" "-" 0ms
time="2020-05-05T15:46:22Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:22 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 86 "api@docker" "-" 0ms

I would be more than glad for any hints that could help me figure out whats wrong with my configs!!

thanks & regards
Yassine

2

This has not been answered since May 2020, have you managed to find a solution? If i can summarise the problem you are setting up basic auth on your ci domain so the api can be displayed but get authentication errors even with a simple password.

I have the same error with versions 2.3 or 2.4 . Not sure what the problem is but there must be some problems inside traefik that does not show up in logs. I hope someone could have provided a hint on what to look for

3

hi @bizmate,

yes i manaed to solve the problem creating the traefik.yml and adding the following there:

api: {}

just an empty api and everything from above remains as it is

good luck!

1 Like