Menu
My goal is to protect the traefik front-end with basic authentication.
I am running Traefik version v1.4.3 built on 2017-11-14_11:14:24AM in a Docker container.
My docker-compose.yml file looks like this:
version: "3"
services:
proxy:
image: traefik
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
ports:
- "80:80"
- "8081:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ~/git/traefik/traefik.toml:/etc/traefik/traefik.toml
- ~/git/traefik/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_nw
The section for the web frontend in my traefik.toml file looks like this:
....
# Enable web configuration backend
[web]
address = ":8080"
[web.auth.basic]
usersFile = "/etc/traefik/.htpasswd"
...
But my custom traefik.toml file seems not to be mountet/read by traefik - still no authentication necessary for the traefik front-end.
The debug log output looks like this:
$ docker-compose up
Starting traefik_proxy_1
Attaching to traefik_proxy_1
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Traefik version v1.4.3 built on 2017-11-14_11:14:24AM"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":[],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":null,"Stats":null,"StatsRecorder":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc420270180} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting provider *web.Provider {"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":{},"Stats":{"Uptime":"2017-11-20T07:30:10.282646542Z","Pid":1,"ResponseCounts":{},"TotalResponseCounts":{},"TotalResponseTime":"0001-01-01T00:00:00Z"},"StatsRecorder":null}"
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Starting server on :80"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Provider connection established with docker 17.09.0-ce (API 1.32)"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Validation of load balancer method for backend backend-proxy-traefik failed: invalid load-balancing method ''. Using default method wrr."
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-proxy-traefik":{"servers":{"server-traefik_proxy_1":{"url":"http://172.19.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-proxy-traefik-docker-localhost-0":{"backend":"backend-proxy-traefik","routes":{"route-frontend-Host-proxy-traefik-docker-localhost-0":{"rule":"Host:proxy.traefik.docker.localhost"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Last docker config received more than 2s, OK"
proxy_1 | time="2017-11-20T07:30:10Z" level=debug msg="Creating frontend frontend-Host-proxy-traefik-docker-localhost-0"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="No entrypoint defined for frontend frontend-Host-proxy-traefik-docker-localhost-0, defaultEntryPoints:[]"
proxy_1 | time="2017-11-20T07:30:10Z" level=error msg="Skipping frontend frontend-Host-proxy-traefik-docker-localhost-0..."
proxy_1 | time="2017-11-20T07:30:10Z" level=info msg="Server configuration reloaded on :80"
I followed the docu from here: http://docs.traefik.io/configuration/backends/web/#authentication
I can not see whats wrong with my setup.
204
Configuration File At startup, Traefik searches for static configuration in a file named traefik. yml (or traefik. yaml or traefik.
We're publishing the default HTTP ports 80 and 443 on the host, and making sure the container is placed within the web network we've created earlier on. Finally, we're giving this container a static name called traefik .
Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components (Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ...) and configures itself automatically and dynamically.
The reason why the setup shown in my own question was not working, was the 'command' entry in my docker-compose.yml file:
command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
This command overwrite the [web] and [docker] settings form my traefik.toml file.
So in case when you start traefik as a docker container with docker-compose, the docker-compose.yml file should not! contain any commands if you mount a custom traefik.toml file. In this scenario, all settings should be placed into the trafik.toml file.
So it works with the following docker-compose.yml file:
version: "3"
services:
proxy:
image: traefik
ports:
- "80:80"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- $PWD/traefik.toml:/etc/traefik/traefik.toml
- $PWD/.htpasswd:/etc/traefik/.htpasswd
networks:
default:
external:
name: my_network
Note that the traefik.toml file must be mounted into container directory /etc/traefik/
109
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With