问题描述
我正在尝试用密码保护应用程序的特定路径,但似乎我遗漏了一些东西,而且 traefik 文档没有帮助:
I'm trying to password protect a specific path for an app, but it seems I am missing something and the traefik documentation is not helpful:
从 docker-compose 粘贴:
Paste from docker-compose:
command:
- "--log.level=INFO"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "[email protected]"
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
服务:
labels:
- "traefik.enable=true"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service.rule=Host(`domain.example.com`)"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
如果我添加以下标签,则基本身份验证有效,但已在整个网站上启用:
If I add the following labels basic auth is working but it's enabled on the whole website:
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service.middlewares=service,service-auth"
"traefik.http.routers.service.middlewares=service,service-auth"
我尝试像这样添加第二个路由器,但这似乎不起作用:
I played around with adding a second router like so, but that doesn't seem to work:
"traefik.http.routers.service-admin.rule=Host(
domain.example.com) && PathPrefix(/somepath)"
"traefik.http.routers.service-admin.rule=Host(
domain.example.com) && PathPrefix(/somepath)"
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.middlewares.service-auth.basicauth.usersfile=/etc/traefik/auth"
"traefik.http.routers.service-admin.middlewares=service-auth"
"traefik.http.routers.service-admin.middlewares=service-auth"
我错过了什么?
推荐答案
我通过一些有根据的"猜测设法弄清楚了.标签的顺序和它们之间的间距似乎起着至关重要的作用.添加第二个路由器(没有服务)确实是实现此目的的正确方法,但分离路由器和中间件代码块很重要:
I managed to figure it out with some "educated" guesses. It seems the order of the labels and the spacing between them plays a vital role. Adding a second router (without a service) was indeed the correct way of accomplishing this but separating the routers and middlewares code blocks was important:
- "traefik.enable=true"
- "traefik.http.routers.service.rule=Host(`example.example.com`)"
- "traefik.http.routers.service-admin.rule=Host(`example.example.com`) && PathPrefix(`/somepath`)"
- "traefik.http.routers.service.tls.certresolver=letsencrypt"
- "traefik.http.routers.service-admin.tls.certresolver=letsencrypt"
- "traefik.http.routers.service.middlewares=service"
- "traefik.http.routers.service-admin.middlewares=service-admin"
- "traefik.http.middlewares.service.headers.stsSeconds=31536000"
- "traefik.http.middlewares.service.headers.forceSTSHeader=true"
- "traefik.http.middlewares.service.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.service.headers.stsPreload=true"
- "traefik.http.middlewares.service.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.service.headers.browserXssFilter=true"
- "traefik.http.middlewares.service.headers.customRequestHeaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.service-admin.basicauth.usersfile=/etc/traefik/auth"
注意:使用的 traefik 版本是 2.2.1
Note: traefik version used is 2.2.1
这篇关于路径上的 Traefik 基本身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!