
Securing Traefik Web UI

This blog post was published more than one year ago and might be outdated!

In one of our projects we use Traefik as a reverse proxy together with nginx and gunicorn to run a Django app in a Docker-based environment. When deploying to production, we wanted to make the Traefik UI accessible to the customer but keep it secure from unwanted visitors. Fortunately, Traefik offers a very simple yet powerful configuration option for basic authentication, which we enabled in a traefik.toml configuration file:

[web]
[web.auth.basic]
users = ["user:password"]

The [web] section tells Traefik to apply the following configuration only to its own UI. To add an additional layer of security, we hashed the provided password using MD5 with htpasswd:

htpasswd -nbm user password

We then copied the generated hash into the Traefik configuration file. Upon visiting the Traefik UI, visitors are now prompted to enter these access credentials.

Side note: You can secure all Traefik frontends and entrypoints separately with this method. With the following configuration, you can enable authentication for the https entrypoint:

[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.auth.basic]
users = ["user:HTTPSpassword"]

And this secures your frontend 'awesomefrontend':

[frontends]
[frontends.awesomefrontend]
backend = "awesomebackend"
basicAuth = ["user:frontendpassword"]
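
A pre-deployment check for the three configuration locations shown above, as an added example that is not part of the original post: it scans the text of a traefik.toml for basic-auth entries and reports whether each password field has the shape of an htpasswd hash (apr1 MD5, bcrypt or SHA-1) or was left unhashed. The function names and the sample hash value are constructed for illustration.

```python
import re

# Shapes of the hashes htpasswd emits: -m (apr1 MD5), -B (bcrypt), -s (SHA-1).
SCHEMES = [
    ("apr1-md5", re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("bcrypt", re.compile(r"\$2[aby]\$\d{2}\$[./0-9A-Za-z]{53}")),
    ("sha1", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=")),
]
SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
CRED_KEY = re.compile(r"^\s*(?:users|basicAuth)\s*=\s*\[(.*)\]\s*$")
QUOTED = re.compile(r'"([^"]*)"')


def classify(secret):
    """Name the htpasswd scheme a password field matches, else 'not-hashed'."""
    for name, pattern in SCHEMES:
        if pattern.fullmatch(secret):
            return name
    return "not-hashed"


def audit(toml_text):
    """Return (section, user, scheme) per entry; line scan, not a TOML parser."""
    results, section = [], ""
    for line in toml_text.splitlines():
        header = SECTION.match(line)
        creds = CRED_KEY.match(line)
        if header:
            section = header.group(1)
        elif creds:
            for entry in QUOTED.findall(creds.group(1)):
                user, _, secret = entry.partition(":")
                results.append((section, user, classify(secret)))
    return results


# Constructed sample covering the post's three locations; the apr1 value is a
# made-up string with the right shape, not the hash of a real password.
SAMPLE = """
[web.auth.basic]
users = ["user:$apr1$Xy12abCD$0123456789abcdefghijkl"]
[entryPoints.https.auth.basic]
users = ["user:HTTPSpassword"]
[frontends.awesomefrontend]
basicAuth = ["user:frontendpassword"]
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Any entry reported as not-hashed still holds a placeholder or cleartext value and should be replaced with htpasswd output before the file is deployed.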