路径上的 Traefik 基本身份验证
Traefik basic auth on path
我正在尝试用密码保护应用程序的特定路径,但似乎我遗漏了一些东西,而且 traefik 文档没有帮助:
从 docker 粘贴:
traefik:
command:
- "--log.level=INFO"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=email@email.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
服务:
labels:
- "traefik.enable=true"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service.rule=Host(`domain.example.com`)"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
如果我添加以下标签,基本身份验证可以正常工作,但它在整个网站上都已启用:
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service.middlewares=service,service-auth"
我试过像这样添加第二个路由器,但这似乎不起作用:
"traefik.http.routers.service-admin.rule=Host(domain.example.com) && PathPrefix(/somepath)"
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service-admin.middlewares=service-auth"
我错过了什么?
我认为你配置错误的第二个路由器,尝试这样做
"traefik.http.routers.service-admin.rule=Host(domain.example.com) && PathPrefix(/somepath)"
"traefik.http.middlewares.service-admin.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service-admin.middlewares=service-admin"
"traefik.http.routers.service-admin.service=$yourservice"
我通过一些 "educated" 的猜测设法弄明白了。标签的顺序和它们之间的间距似乎起着至关重要的作用。添加第二个路由器(没有服务)确实是实现此目的的正确方法,但分离路由器和中间件代码块很重要:
- "traefik.enable=true"
- "traefik.http.routers.service.rule=Host(`example.example.com`)"
- "traefik.http.routers.service-admin.rule=Host(`example.example.com`) && PathPrefix(`/somepath`)"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
- "traefik.http.routers.service-admin.tls.certresolver=letsencrypt"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service-admin.middlewares=service-admin"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.service-admin.basicauth.usersfile=/etc/traefik/auth"
注意:使用的traefik版本为2.2.1
我刚遇到同样的问题,解决方案似乎与给定的路线 priority 有关,请参阅 https://doc.traefik.io/traefik/routing/routers/#priority。
要考虑的routes是由traefik按priority排序的。默认情况下,priority 由路由的 rule 长度决定。这就是为什么接受的答案有效的原因。管理路由的规则更长。
我建议为这种情况手动设置一个非常高的优先级,因为如果你在原始路由中添加更多主机或其他表达式,traefik 基本上会忽略管理路由,因为它有一个短 rule .
我正在尝试用密码保护应用程序的特定路径,但似乎我遗漏了一些东西,而且 traefik 文档没有帮助:
从 docker 粘贴:
traefik:
command:
- "--log.level=INFO"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=email@email.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
服务:
labels:
- "traefik.enable=true"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service.rule=Host(`domain.example.com`)"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
如果我添加以下标签,基本身份验证可以正常工作,但它在整个网站上都已启用:
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service.middlewares=service,service-auth"
我试过像这样添加第二个路由器,但这似乎不起作用:
"traefik.http.routers.service-admin.rule=Host(
domain.example.com) && PathPrefix(/somepath)""traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service-admin.middlewares=service-auth"
我错过了什么?
我认为你配置错误的第二个路由器,尝试这样做
"traefik.http.routers.service-admin.rule=Host(domain.example.com) && PathPrefix(/somepath)"
"traefik.http.middlewares.service-admin.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service-admin.middlewares=service-admin"
"traefik.http.routers.service-admin.service=$yourservice"
我通过一些 "educated" 的猜测设法弄明白了。标签的顺序和它们之间的间距似乎起着至关重要的作用。添加第二个路由器(没有服务)确实是实现此目的的正确方法,但分离路由器和中间件代码块很重要:
- "traefik.enable=true"
- "traefik.http.routers.service.rule=Host(`example.example.com`)"
- "traefik.http.routers.service-admin.rule=Host(`example.example.com`) && PathPrefix(`/somepath`)"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
- "traefik.http.routers.service-admin.tls.certresolver=letsencrypt"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service-admin.middlewares=service-admin"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.service-admin.basicauth.usersfile=/etc/traefik/auth"
注意:使用的traefik版本为2.2.1
我刚遇到同样的问题,解决方案似乎与给定的路线 priority 有关,请参阅 https://doc.traefik.io/traefik/routing/routers/#priority。
要考虑的routes是由traefik按priority排序的。默认情况下,priority 由路由的 rule 长度决定。这就是为什么接受的答案有效的原因。管理路由的规则更长。
我建议为这种情况手动设置一个非常高的优先级,因为如果你在原始路由中添加更多主机或其他表达式,traefik 基本上会忽略管理路由,因为它有一个短 rule .