Securing Traefik Web UI

Securing Traefik Web UI

In one of our projects we use Traefik as a reverse proxy together with nginx and gunicorn to run a Django app in a docker-based environment. When deployed to production, we wanted to make the Traefik UI accessible for the customer, but keep it secure from unwanted visitors. Fortunately, Traefik offers a very simple yet powerful configuration option, which we enabled in a traefik.toml configuration file:

[web]
[web.auth.basic]
users = ["user:password"]


The [web] section tells traefik to apply the following configuration only to its own UI. To add an additional layer of security, we encoded the provided password using MD5 with htpasswd.

htpasswd -nbm user password


..and copy the generated hash into the Traefik configuration file. Upon visiting the Traefik UI, the visitor will now be prompted to enter these access credentials.

Side note: You can secure all Traefik frontends and entrypoints seperately with this method. With the following configuration, you can enable authentication for the https entrypoint:

[entryPoints]
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.auth.basic]
  users = ["user:HTTPSpassword"]


And this secures your frontend 'awesomefrontend':

[frontends]
  [frontends.awesomefrontend]
    backend = "awesomebackend"
    basicAuth = ["user:frontendpassword"]


Eintrag von Leon Roth am 05.04.2018

Tags: Traefik, Basic Auth

Diese Webseite verwendet Cookies, um die Bedienfreundlichkeit zu erhöhen. Mit der Nutzung unserer Webseite wird das Einverständnis erklärt, dass wir Cookies verwenden. Weitere Informationen.