💾 Archived View for gmi.bacardi55.io › blog › 2021 › 04 › 11 › multiple-middlewares-with-traefik captured on 2023-11-04 at 11:41:13. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
Posted on 2021-04-11
Quick post today just to highlight how to use multiple middlawares in a traefik configuration. I realized that I haven't posted about it and all example I gave always used 1 middleware to redirect http to https. Today, let's use more :).
For this example, I'm going to install homer[1] (the very simplistic personal dashboard page). I used to have Heimdall[2] installed on my cluster before the crash[3], but I never really used it. That's because I thought it was too heavy for my need to be honest.
1: https://github.com/bastienwirtz/homer
3: https://bacardi55.io/2021/03/07/rca-of-my-homelab-cluster-downtime/
I decided to switch to homer because it is very lightweight and simple[^1] but this is not the goal of this post.
If I take the previous configuration shown, the "default" docker-compose would be:
version: "3"
services:
homer:
image: b4bz/homer
networks:
- traefik-net
environment:
- PUID=1000
- PGID=1000
volumes:
- /path/to/containers-data/homer/data:/www/assets
deploy:
labels:
- traefik.enable=true
- traefik.http.services.dashboard-service.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard.entrypoints=http
# For https:
- traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard-secure.entrypoints=https
- traefik.http.routers.dashboard-secure.tls=true
- traefik.http.routers.dashboard-secure.tls.certresolver=le
- traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
- traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
placement:
constraints:
- node.role == worker
networks:
traefik-net:
external: true
But this only use one middle. To use multiple ones, we need to use a middleware chain instead of just a declared middleware.
In this example, I'm just going to add a basic http authentication. But this works the same if you added more like rate limiting and such.
Before editing the docker-compose file, we need to generate a user/password for the basic auth. Obviously, it is better to use a file to manage the credential (if you have more than one user at least), but for the sake of example, it is simpler that way.
To create the user/password information, use this command line (from the traefik documentation). You need apache2-utils for the htpasswd command on debian like distribution.
echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
The sed part is to double the $ sign as traefik needs it.
Then, edit the deploy part of the docker-compose file like this:
deploy:
labels:
- traefik.enable=true
- traefik.http.services.dashboard-service.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard.entrypoints=http
# For https:
- traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard-secure.entrypoints=https
- traefik.http.routers.dashboard-secure.tls=true
- traefik.http.routers.dashboard-secure.tls.certresolver=le
- traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
# We don't declare just a middleware here.
#- traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
# HTTP auth:
# This is were you need to paste the result of the command above:
- "traefik.http.middlewares.dashboard-auth.basicauth.users=<user>:<GeneratedPasswordAbove>"
# Declaring the middleware chain:
- traefik.http.routers.dashboard-secure.middlewares=secured
# Add all middlewares in the chain:
- traefik.http.middlewares.secured.chain.middlewares=dashboard-redirect-dashboard-secure,dashboard-auth
If you need to add more, just add to the chain middlewares last line all the middlewares needed.
And voilà! As said, very short example of using a chain middlewares :).
[^1]: And if I'm not mistaken, the main developer is someone I used to work with and appreciate^^.