Traefik 2.0 - 根据 PathPrefix 为同一服务转发身份验证和基本身份验证
Traefik 2.0 - Forward Authentication and Basic Auth for same service depending on PathPrefix
我昨天将我的 Traefik 从 1.7 转换为 2.1,我的所有 docker 服务都有前向身份验证 (oauth)。我无法让两个路由器为同一服务工作。
我们以陶图利为例。 Web 界面现在使用 oauth 得到了适当的保护。但是,为了让 Tautulli 远程 iOS 应用程序正常工作,需要使用更简单的基本身份验证来公开 /api PathPrefix。
下面我定义了两个不同优先级和不同中间件的路由器。但是 https://tautulli.[DOMAINNAME]/api/v2?apikey?xxxx 总是将我重定向到 oauth 登录; tautulli-api-rtr 路由器似乎没有被触发。
tautulli:
image: linuxserver/tautulli
container_name: tautulli
hostname: tautulli
restart: unless-stopped
networks:
- t2_proxy
volumes:
- ${USERDIR}/docker/tautulli/config:/config
- ${USERDIR}/docker/tautulli/logs:/logs:ro
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
labels:
- "traefik.enable=true"
## DEFAULT ROUTER
## HTTP Routers
- "traefik.http.routers.tautulli-rtr.entrypoints=https"
- "traefik.http.routers.tautulli-rtr.priority=1"
- "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAINNAME`)"
- "traefik.http.routers.tautulli-rtr.tls=true"
- "traefik.http.routers.tautulli-rtr.tls.certresolver=dns-cloudflare"
## Middlewares
- "traefik.http.routers.tautulli-rtr.middlewares=secure-chain@file"
## HTTP Services
- "traefik.http.routers.tautulli-rtr.service=tautulli-svc"
- "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181"
## API ROUTER - not working, secure-chain@file middlewares still applied...
## HTTP Routers
- "traefik.http.routers.tautulli-api-rtr.entrypoints=https"
- "traefik.http.routers.tautulli-api-rtr.priority=99"
- "traefik.http.routers.tautulli-api-rtr.rule=Host(`tautulli.$DOMAINNAME`) && PathPrefix(`/api`)"
- "traefik.http.routers.tautulli-api-rtr.tls=true"
- "traefik.http.routers.tautulli-api-rtr.tls.certresolver=dns-cloudflare"
## Middlewares
- "traefik.http.routers.tautulli-api-rtr.middlewares=noauth-chain@file"
## HTTP Services
- "traefik.http.routers.tautulli-api-rtr.service=tautulli-svc"
中间件定义在这个优秀github:
https://github.com/htpcBeginner/docker-traefik/tree/master/traefik2/rules!
感谢任何帮助或替代解决方案!
这实际上按预期工作。我想我在调试的时候调用了错误的docker的api :) 那是一个深夜
我昨天将我的 Traefik 从 1.7 转换为 2.1,我的所有 docker 服务都有前向身份验证 (oauth)。我无法让两个路由器为同一服务工作。
我们以陶图利为例。 Web 界面现在使用 oauth 得到了适当的保护。但是,为了让 Tautulli 远程 iOS 应用程序正常工作,需要使用更简单的基本身份验证来公开 /api PathPrefix。
下面我定义了两个不同优先级和不同中间件的路由器。但是 https://tautulli.[DOMAINNAME]/api/v2?apikey?xxxx 总是将我重定向到 oauth 登录; tautulli-api-rtr 路由器似乎没有被触发。
tautulli:
image: linuxserver/tautulli
container_name: tautulli
hostname: tautulli
restart: unless-stopped
networks:
- t2_proxy
volumes:
- ${USERDIR}/docker/tautulli/config:/config
- ${USERDIR}/docker/tautulli/logs:/logs:ro
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
labels:
- "traefik.enable=true"
## DEFAULT ROUTER
## HTTP Routers
- "traefik.http.routers.tautulli-rtr.entrypoints=https"
- "traefik.http.routers.tautulli-rtr.priority=1"
- "traefik.http.routers.tautulli-rtr.rule=Host(`tautulli.$DOMAINNAME`)"
- "traefik.http.routers.tautulli-rtr.tls=true"
- "traefik.http.routers.tautulli-rtr.tls.certresolver=dns-cloudflare"
## Middlewares
- "traefik.http.routers.tautulli-rtr.middlewares=secure-chain@file"
## HTTP Services
- "traefik.http.routers.tautulli-rtr.service=tautulli-svc"
- "traefik.http.services.tautulli-svc.loadbalancer.server.port=8181"
## API ROUTER - not working, secure-chain@file middlewares still applied...
## HTTP Routers
- "traefik.http.routers.tautulli-api-rtr.entrypoints=https"
- "traefik.http.routers.tautulli-api-rtr.priority=99"
- "traefik.http.routers.tautulli-api-rtr.rule=Host(`tautulli.$DOMAINNAME`) && PathPrefix(`/api`)"
- "traefik.http.routers.tautulli-api-rtr.tls=true"
- "traefik.http.routers.tautulli-api-rtr.tls.certresolver=dns-cloudflare"
## Middlewares
- "traefik.http.routers.tautulli-api-rtr.middlewares=noauth-chain@file"
## HTTP Services
- "traefik.http.routers.tautulli-api-rtr.service=tautulli-svc"
中间件定义在这个优秀github:
https://github.com/htpcBeginner/docker-traefik/tree/master/traefik2/rules!
感谢任何帮助或替代解决方案!
这实际上按预期工作。我想我在调试的时候调用了错误的docker的api :) 那是一个深夜