mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-10-24 14:01:19 +02:00
Code Issues Projects Releases Wiki Activity
traefik/docs/content/middlewares/basicauth.md
Jean-Baptiste Doumenjou 2e20394af4 Update the middleware documentation
2019-04-08 17:14:08 +02:00

2.8 KiB
Raw Blame History

BasicAuth

Adding Basic Authentication {: .subtitle }

BasicAuth

The BasicAuth middleware is a quick way to restrict access to your services to known users.

Configuration Examples

# Declaring the user list
labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth
spec:
  basicAuth:
    users:
    - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
    - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0

# Declaring the user list
labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

# Declaring the user list
[http.middlewares]
  [http.middlewares.test-auth.basicauth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
  ]

Configuration Options

General

Passwords must be encoded using MD5, SHA1, or BCrypt.

!!! tip

Use `htpasswd` to generate the passwords.

users

The users option is an array of authorized users. Each user will be declared using the name:encoded-password format.

!!! Note

If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

usersFile

The usersFile option is the path to an external file that contains the authorized users for the middleware.

The file content is a list of name:encoded-password.

??? example "A file containing test/test and test2/test2"

```
test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
```

!!! Note

If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

realm

You can customize the realm for the authentication with the realm option. The default value is traefik.

headerField

You can customize the header field for the authenticated user using the headerFieldoption.

labels:
  - "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: my-auth
spec:
  basicAuth:
    # ...
    headerField: X-WebAuth-User

[http.middlewares.my-auth.basicauth]
  # ...
  headerField = "X-WebAuth-User"

removeHeader

Set the removeHeader option to true to remove the authorization header before forwarding the request to your service. (Default value is false.)