Search code examples
dockertraefik

Traefik 2.0 - Forward Authentication and Basic Auth for same service depending on PathPrefix

I converted my Traefik from 1.7 to 2.1 yesterday, I have forward authentication (oauth) working for all my docker services. I cannot get two routers working for the same service.

Let's take Tautulli as an example. The web interface is properly secured now using oauth. However, in order for the Tautulli remote iOS app to work the /api PathPrefix needs to be exposed using a simpler basic auth instead.

Below I define two routers with different priority and different middleware. But https://tautulli.[DOMAINNAME]/api/v2?apikey?xxxx always redirects me to the oauth login; the tautulli-api-rtr router does not seem to be triggered. 

      tautulli:
        image: linuxserver/tautulli
        container_name: tautulli
        hostname: tautulli
        restart: unless-stopped
        networks:
          - t2_proxy
        volumes:
          - ${USERDIR}/docker/tautulli/config:/config
          - ${USERDIR}/docker/tautulli/logs:/logs:ro
        environment:
          PUID: ${PUID}
          PGID: ${PGID}
          TZ: ${TZ}
        labels:
          - "traefik.enable=true"   
       ## DEFAULT ROUTER      
          ## HTTP Routers
          - "traefik.http.routers.tautulli-rtr.entrypoints=https"
          - "traefik.http.routers.tautulli-rtr.priority=1" 
          - "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAINNAME`)" 
          - "traefik.http.routers.tautulli-rtr.tls=true"
          - "traefik.http.routers.tautulli-rtr.tls.certresolver=dns-cloudflare"
          ## Middlewares
          - "traefik.http.routers.tautulli-rtr.middlewares=secure-chain@file" 
          ## HTTP Services
          - "traefik.http.routers.tautulli-rtr.service=tautulli-svc"
          - "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181" 
    ## API ROUTER - not working, secure-chain@file middlewares still applied...
          ## HTTP Routers
          - "traefik.http.routers.tautulli-api-rtr.entrypoints=https"
          - "traefik.http.routers.tautulli-api-rtr.priority=99"
          - "traefik.http.routers.tautulli-api-rtr.rule=Host(`tautulli.$DOMAINNAME`) && PathPrefix(`/api`)" 
          - "traefik.http.routers.tautulli-api-rtr.tls=true"
          - "traefik.http.routers.tautulli-api-rtr.tls.certresolver=dns-cloudflare"
          ## Middlewares
          - "traefik.http.routers.tautulli-api-rtr.middlewares=noauth-chain@file" 
          ## HTTP Services
      - "traefik.http.routers.tautulli-api-rtr.service=tautulli-svc"

The middleware is defined in this excellent github:

https://github.com/htpcBeginner/docker-traefik/tree/master/traefik2/rules!

Appreciate any help or alternative solution!

Solution

  • This actually works as intended. I think I called the api of the wrong docker when debugging :) It was a late night