Hello Community!
These are the steps I follow to set up traefik using the docker cli and labels. I have a problem setting up the authentication, where I need your help!!
- Network with the name 'dmz' is created
```
docker network create dmz
```
- starting traefik with access to the docker network dmz and listening to 80, 443 and 8080 ports:
```
docker run --rm --name traefik \
--network dmz -d \
-p 80:80 -p 443:443 -p 8080:8080 \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /home/bob/acme.json:/acme.json \
traefik:v2.2.1
```
- labels used and their usage

Label name | Label value | Label type | Description |
---|---|---|---|
traefik.http.routers.http-catchall.rule | HostRegexp(`{host:.+}`) | Router (HostRegexp rule) creation | A router object with the name http-catchall |
traefik.http.routers.http-catchall.middlewares | redirect-to-https | middleware assignment | A middleware object reference |
traefik.http.routers.http-catchall.entrypoints | http | entryPoint assignment | An entrypoint reference |
traefik.http.routers.api.rule | Host("ci.domain.com") | Router Host Rule creation | A router object that handles requests to ci.domain.com |
traefik.http.routers.api.entrypoints | http-alt | entryPoint assignment | Assign an entryPoint "http-alt" to the router object "api" |
traefik.http.routers.api.service | api@internal | Service assignment | Assign a Service "api-internal" to the router object "api" |
traefik.http.routers.api.middlewares | auth | middleware assignment | Assign a middleware "auth" to the router object "api" |
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme | https | middleware definition | Define a middleware redirect-to-https |
traefik.http.middlewares.auth.basicauth.users | admin:admin | middleware definition | Define a BasicAuth middleware and name it as "auth" |
- traefik docker image cli configuration:
```
--global.checkNewVersion=true \
--api=true \
--api.debug=true \
--api.dashboard=true \
--log=true \
--log.level=DEBUG \
--accessLog=true \
--providers.docker=true \
--providers.docker.swarmMode=false \
--entryPoints.http.address=:80 \
--entryPoints.https.address=:443 \
--entryPoints.http-alt.address=:8080 \
--providers.docker.network=dmz \
--certificatesResolvers.ci-domain.acme.email=info@domain.com \
--certificatesResolvers.ci-domain.acme.storage=acme.json \
--certificatesResolvers.ci-domain.acme.httpChallenge.entryPoint=http \
--certificatesResolvers.ci-domain.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
```
- create user password pair:
```
root@b663a6c4fb6b:/# #according to: https://docs.traefik.io/v2.0/middlewares/basicauth/
root@b663a6c4fb6b:/# #echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
root@b663a6c4fb6b:/# #echo $(htpasswd -nb admin admin) | sed -e s/\\$/\\$\\$/g
root@b663a6c4fb6b:/# echo $(htpasswd -nb admin admin) | sed -e s/\\$/\\$\\$/g
admin:$$apr1$$42hHNsKl$$.Y7GgFRJ4HEaii4GxOCMp0
root@b663a6c4fb6b:/#
```
- final docker cli with encrypted user:passwords
```
docker run --rm --name traefik \
--network dmz -d \
-p 80:80 -p 443:443 -p 8080:8080 \
--label="traefik.http.routers.http-catchall.rule=HostRegexp(\`{host:.+}\`)" \
--label="traefik.http.routers.http-catchall.middlewares=redirect-to-https" \
--label="traefik.http.routers.http-catchall.entrypoints=http" \
--label="traefik.http.routers.api.rule=Host(\"ci.domain.com\")" \
--label="traefik.http.routers.api.entrypoints=http-alt" \
--label="traefik.http.routers.api.service=api@internal" \
--label="traefik.http.routers.api.middlewares=auth" \
--label="traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" \
--label="traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$42hHNsKl$$.Y7GgFRJ4HEaii4GxOCMp0" \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /home/bob/acme.json:/acme.json \
traefik:v2.2.1 \
--global.checkNewVersion=true \
--api=true \
--api.debug=true \
--api.dashboard=true \
--log=true \
--log.level=DEBUG \
--accessLog=true \
--providers.docker=true \
--providers.docker.swarmMode=false \
--entryPoints.http.address=:80 \
--entryPoints.https.address=:443 \
--entryPoints.http-alt.address=:8080 \
--providers.docker.network=dmz \
--certificatesResolvers.ci-domain.acme.email=info@domain.com \
--certificatesResolvers.ci-domain.acme.storage=acme.json \
--certificatesResolvers.ci-domain.acme.httpChallenge.entryPoint=http \
--certificatesResolvers.ci-domain.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
```
- the errors I get when I try to log in:
```
184.105.139.69 - - [05/May/2020:15:31:04 +0000] "GET / HTTP/1.1" 404 19 "-" "-" 83 "-" "-" 0ms
time="2020-05-05T15:46:19Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:19 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 84 "api@docker" "-" 0ms
time="2020-05-05T15:46:21Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:21 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 85 "api@docker" "-" 0ms
time="2020-05-05T15:46:22Z" level=debug msg="Authentication failed" middlewareName=auth@docker middlewareType=BasicAuth
5.146.198.125 - - [05/May/2020:15:46:22 +0000] "GET /dashboard/ HTTP/1.1" 401 17 "-" "-" 86 "api@docker" "-" 0ms
```
I would be more than glad for any hints that could help me figure out what's wrong with my configs!!
Thanks & regards
Yassine
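
What the shell does to the `basicauth.users` label in the final `docker run` above, as an added example that is not part of the original post: inside double quotes each `$$` is replaced by the shell's PID before Docker sees the value (the doubling shown in the Traefik docs is an escape for docker-compose files). Function names are hypothetical; the hash is the one from the post with `$$` collapsed back to `$`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the hash is the one from
# the post with the compose-style "$$" collapsed back to "$".

# Label value as docker receives it when typed as in the final command:
# inside double quotes every "$$" becomes the PID of the invoking shell.
double_quoted_compose_style() {
    printf '%s' "admin:$$apr1$$42hHNsKl$$.Y7GgFRJ4HEaii4GxOCMp0"
}

# Double quotes with single "$" are no better: $apr1 and $4 are expanded
# as (normally unset, so empty) shell parameters.
double_quoted_plain() {
    printf '%s' "admin:$apr1$42hHNsKl$.Y7GgFRJ4HEaii4GxOCMp0"
}

# Single quotes pass the htpasswd output through untouched.
single_quoted_plain() {
    printf '%s' 'admin:$apr1$42hHNsKl$.Y7GgFRJ4HEaii4GxOCMp0'
}

# Pre-flight check: is this a well-formed "user:$apr1$salt$digest" entry?
is_apr1_entry() {
    printf '%s\n' "$1" |
        grep -Eq '^[^:]+:\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'
}

report() {
    if is_apr1_entry "$2"; then verdict="valid apr1 entry"
    else verdict="NOT a valid apr1 entry"; fi
    printf '%-20s %s\n    -> %s\n' "$1" "$2" "$verdict"
}

report 'double quotes, $$:' "$(double_quoted_compose_style)"
report 'double quotes, $:'  "$(double_quoted_plain)"
report 'single quotes, $:'  "$(single_quoted_plain)"

# Form that reaches Traefik intact on the docker CLI:
#   --label 'traefik.http.middlewares.auth.basicauth.users=admin:$apr1$42hHNsKl$.Y7GgFRJ4HEaii4GxOCMp0'
```

Running `docker inspect` on the container and reading the label back is a quick way to confirm which of the three forms actually reached Traefik.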