💾 Archived View for gmi.bacardi55.io › blog › 2021 › 04 › 11 › multiple-middlewares-with-traefik captured on 2023-07-22 at 16:38:47. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

Using multiple traefik middlewares using docker labels

Posted on 2021-04-11

Quick post today just to highlight how to use multiple middlawares in a traefik configuration. I realized that I haven't posted about it and all example I gave always used 1 middleware to redirect http to https. Today, let's use more :).

For this example, I'm going to install homer[1] (the very simplistic personal dashboard page). I used to have Heimdall[2] installed on my cluster before the crash[3], but I never really used it. That's because I thought it was too heavy for my need to be honest.

1: https://github.com/bastienwirtz/homer

2: https://heimdall.site

3: https://bacardi55.io/2021/03/07/rca-of-my-homelab-cluster-downtime/

I decided to switch to homer because it is very lightweight and simple[^1] but this is not the goal of this post.

If I take the previous configuration shown, the "default" docker-compose would be:

version: "3"

services:
  homer:
    image: b4bz/homer
    networks:
      - traefik-net
    environment:
      - PUID=1000
      - PGID=1000
    volumes:
      - /path/to/containers-data/homer/data:/www/assets
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.services.dashboard-service.loadbalancer.server.port=8080
        - traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
        - traefik.http.routers.dashboard.entrypoints=http
        # For https:
        - traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
        - traefik.http.routers.dashboard-secure.entrypoints=https
        - traefik.http.routers.dashboard-secure.tls=true
        - traefik.http.routers.dashboard-secure.tls.certresolver=le
        - traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
        - traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
      placement:
        constraints:
          - node.role == worker

networks:
  traefik-net:
    external: true

But this only use one middle. To use multiple ones, we need to use a middleware chain instead of just a declared middleware.

In this example, I'm just going to add a basic http authentication. But this works the same if you added more like rate limiting and such.

Before editing the docker-compose file, we need to generate a user/password for the basic auth. Obviously, it is better to use a file to manage the credential (if you have more than one user at least), but for the sake of example, it is simpler that way.

To create the user/password information, use this command line (from the traefik documentation). You need apache2-utils for the htpasswd command on debian like distribution.

echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g

The sed part is to double the $ sign as traefik needs it.

Then, edit the deploy part of the docker-compose file like this:

    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.services.dashboard-service.loadbalancer.server.port=8080
        - traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
        - traefik.http.routers.dashboard.entrypoints=http
        # For https:
        - traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
        - traefik.http.routers.dashboard-secure.entrypoints=https
        - traefik.http.routers.dashboard-secure.tls=true
        - traefik.http.routers.dashboard-secure.tls.certresolver=le
        - traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
        # We don't declare just a middleware here.
        #- traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
        # HTTP auth:
        # This is were you need to paste the result of the command above:
        - "traefik.http.middlewares.dashboard-auth.basicauth.users=<user>:<GeneratedPasswordAbove>"
        # Declaring the middleware chain:
        - traefik.http.routers.dashboard-secure.middlewares=secured
        # Add all middlewares in the chain:
        - traefik.http.middlewares.secured.chain.middlewares=dashboard-redirect-dashboard-secure,dashboard-auth

If you need to add more, just add to the chain middlewares last line all the middlewares needed.

And voilà! As said, very short example of using a chain middlewares :).

[^1]: And if I'm not mistaken, the main developer is someone I used to work with and appreciate^^.

/gemlog/

Send me a gemini mention

send me an email!