0

I'm migrating an old API to Traefik 2 and I can't get forward auth to work. The configuration below is pretty much the equivalent of what we had with Traefik 1.7, but I keep getting "404 page not found" for everything unless I comment out the entry point middleware as well as the auth labels. The Traefik documentation doesn't seem to explain this in any more detail besides adding the middleware itself and some configuration options.

As I understand it this should do forward auth for the web and websecure entry points to the auth entry point and I assigned the /auth path on the auth entry point to our API container.

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      middlewares = ["auth"]
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http]
      middlewares = ["auth"]
    [entryPoints.websecure.http.tls]
  [entryPoints.auth]
    address = ":7000"

[http.middlewares]
  [http.middlewares.auth.forwardAuth]
    address = "http://127.0.0.1:7000/auth"

version: '3.8'
services:
  proxy:
    image: traefik:2.8
    volumes:
    ports:
      - 80:80
      - 443:443
      - 7000:7000
  api:
    image: api
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.api.entrypoints=websecure
        - traefik.http.routers.api.rule=Host(`api.example.org`)
        - traefik.http.services.api.loadbalancer.server.port=8000
        - traefik.http.routers.auth.entrypoints=auth
        - traefik.http.routers.auth.rule=PathPrefix(`/auth`)
        - traefik.http.services.auth.loadbalancer.server.port=8000
Steffen
  • 1,328
  • 3
  • 12
  • 29
  • 1
    what do you see in the logs ? what is the request which is reaching to traefik. I recommend enabling debug mode and check the error. – codeaprendiz Jul 21 '22 at 10:45
  • Thanks, I'm not sure why I forgot checking this. The error message was "Could not define the service name for the router: too many services". – Steffen Aug 12 '22 at 17:41

1 Answers1

0

I figured out my configuration had 2 issues.

  1. Middleware must be defined using the dynamic configurtation (note the change to auth@file):
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      middlewares = ["auth@file"]
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http]
      middlewares = ["auth@file"]
    [entryPoints.websecure.http.tls]
  [entryPoints.auth]
    address = ":7000"

[providers.file]
  filename = "/etc/traefik/dynamic.toml"

[http.middlewares]
  [http.middlewares.auth.forwardAuth]
    address = "http://127.0.0.1:7000/auth"
  1. Multiple router definitions require explicit service targets:
version: '3.8'
services:
  api:
    image: api
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.api.entrypoints=websecure
        - traefik.http.routers.api.rule=Host(`api.example.org`)
        - traefik.http.routers.api.service=api # Required
        - traefik.http.services.api.loadbalancer.server.port=8000
        - traefik.http.routers.auth.entrypoints=auth
        - traefik.http.routers.auth.rule=PathPrefix(`/auth`)
        - traefik.http.routers.auth.service=auth # Required
        - traefik.http.services.auth.loadbalancer.server.port=8000
Steffen
  • 1,328
  • 3
  • 12
  • 29