Using multiple traefik middlewares using docker labels
I'm a Team Lead and Solutions Architect during the day, lazy "Dev Sec Ops" at night with a passion for selfhosting and data privacy. Free and Open Source advocate since 2005, I sporadically write Blog or Gemlog posts and share short notes and bookmarks on my website.
Quick post today just to highlight how to use multiple middlawares in a traefik configuration. I realized that I haven’t posted about it and all example I gave always used 1 middleware to redirect http to https. Today, let’s use more :).
For this example, I’m going to install homer (the very simplistic personal dashboard page). I used to have Heimdall installed on my cluster before the crash, but I never really used it. That’s because I thought it was too heavy for my need to be honest.
I decided to switch to homer because it is very lightweight and simple1 but this is not the goal of this post.
If I take the previous configuration shown, the “default” docker-compose would be:
Quick post today just to highlight how to use multiple middlawares in a traefik configuration. I realized that I haven’t posted about it and all example I gave always used 1 middleware to redirect http to https. Today, let’s use more :).
For this example, I’m going to install homer (the very simplistic personal dashboard page). I used to have Heimdall installed on my cluster before the crash, but I never really used it. That’s because I thought it was too heavy for my need to be honest.
I decided to switch to homer because it is very lightweight and simple1 but this is not the goal of this post.
If I take the previous configuration shown, the “default” docker-compose would be:
version: "3"
services:
homer:
image: b4bz/homer
networks:
- traefik-net
environment:
- PUID=1000
- PGID=1000
volumes:
- /path/to/containers-data/homer/data:/www/assets
deploy:
labels:
- traefik.enable=true
- traefik.http.services.dashboard-service.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard.entrypoints=http
# For https:
- traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard-secure.entrypoints=https
- traefik.http.routers.dashboard-secure.tls=true
- traefik.http.routers.dashboard-secure.tls.certresolver=le
- traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
- traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
placement:
constraints:
- node.role == worker
networks:
traefik-net:
external: true
But this only use one middle. To use multiple ones, we need to use a middleware chain instead of just a declared middleware.
In this example, I’m just going to add a basic http authentication. But this works the same if you added more like rate limiting and such.
Before editing the docker-compose file, we need to generate a user/password for the basic auth. Obviously, it is better to use a file to manage the credential (if you have more than one user at least), but for the sake of example, it is simpler that way.
To create the user/password information, use this command line (from the
traefik documentation). You need apache2-utils for the htpasswd
command on debian like distribution.
echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
The sed part is to double the $ sign as traefik needs it.
Then, edit the deploy part of the docker-compose file like this:
deploy:
labels:
- traefik.enable=true
- traefik.http.services.dashboard-service.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard.entrypoints=http
# For https:
- traefik.http.routers.dashboard-secure.rule=Host(`homer.domain.tld`)
- traefik.http.routers.dashboard-secure.entrypoints=https
- traefik.http.routers.dashboard-secure.tls=true
- traefik.http.routers.dashboard-secure.tls.certresolver=le
- traefik.http.middlewares.dashboard-redirect-dashboard-secure.redirectscheme.scheme=https
# We don't declare just a middleware here.
#- traefik.http.routers.dashboard.middlewares=dashboard-redirect-dashboard-secure
# HTTP auth:
# This is were you need to paste the result of the command above:
- "traefik.http.middlewares.dashboard-auth.basicauth.users=<user>:<GeneratedPasswordAbove>"
# Declaring the middleware chain:
- traefik.http.routers.dashboard-secure.middlewares=secured
# Add all middlewares in the chain:
- traefik.http.middlewares.secured.chain.middlewares=dashboard-redirect-dashboard-secure,dashboard-auth
If you need to add more, just add to the chain middlewares last line all the middlewares needed.
And voilà! As said, very short example of using a chain middlewares :).
From the « Homelab 2020 edition »: collection:
- Using multiple traefik middlewares using docker labels
- Home Lab part 8: Create a local docker registry to manage your own images
- RCA of my homelab cluster downtime
- Moving away from GlusterFS to a shared folder mounted via sshfs for my cluster storage
- Receive alerts when new images are available for your docker swarm cluster with Diun
- My Home Lab 2020, part 7: Keeping containers' log in rotation with logrotate
- My Home Lab 2020, part 6(v1): Temporary backup system
- My Home Lab 2020, part 5: External application status with Statping
- My Home Lab 2020, part 4: Running Services over https with Traefik
- My Home Lab 2020, part 3: Docker Swarm setup
- My Home Lab 2020, part 2: GlusterFS Setup
- My Home Lab 2020, part 1: Context and Architecture choices