added detection for .htpasswd file and auto setting traefik dashboa…

…rd authZ on or off added `-N` flag to deactivate
Cielquan · Nov 17, 2019 · 51d24ce · 51d24ce
1 parent 29ef2f8
commit 51d24ce
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 7 deletions.
diff --git a/docker-compose.traefik.yaml b/docker-compose.traefik.yaml
@@ -80,14 +80,20 @@ services:
     labels:
       - traefik.enable=true
       - traefik.docker.network=traefik_proxy
-  ##### http
+  ##### https
+    ### middleware
+      # dashboard auth
+      - traefik.http.middlewares.mdw_TraefikAuth.basicauth.usersfile=/shared/.htpasswd
+      # dashboard chain
+      - traefik.http.middlewares.mdw_TraefikChainNoAuth.chain.middlewares=mdw_SecureHeaders@file
+      - traefik.http.middlewares.mdw_TraefikChainAuth.chain.middlewares=mdw_SecureHeaders@file,mdw_TraefikAuth
     ### routers
       # traefik dashboard
       - traefik.http.routers.rou_Traefik.entrypoints=https
       - traefik.http.routers.rou_Traefik.rule=Host(`traefik.${DOMAIN}`)
       - traefik.http.routers.rou_Traefik.tls=true
       - traefik.http.routers.rou_Traefik.tls.options=default
-      - traefik.http.routers.rou_Traefik.middlewares=mdw_SecureHeaders@file
+      - traefik.http.routers.rou_Traefik.middlewares=mdw_TraefikChain${TRAEFIK_AUTH:-NoAuth}
       - traefik.http.routers.rou_Traefik.service=api@internal
 
 

diff --git a/start_doth_dns.bash b/start_doth_dns.bash
@@ -61,7 +61,7 @@ exit_dc_err() {
 usage_string() {
   printf "\nUsage: %s [-f] [-a <arm|x86>] [-c] [-I <INTERFACE>] [-i <IP ADDRESS>] `
           `[-n <HOSTNAME>] [-t <TIMEZONE>] [-d <DOMAIN>] [-R] [-U] `
-          `[-p <traefik|nginx>] [-P] [-h]\n" "$0" 1>&2;
+          `[-p <traefik|nginx>] [-P] [-N] [-h]\n" "$0" 1>&2;
 }
 
 # Func for showing usage
@@ -80,7 +80,7 @@ help() {
 
 # ##########################################################################################
 # Catching flags
-while getopts ":fa:cI:i:n:t:d:RUp:Ph" flag; do
+while getopts ":fa:cI:i:n:t:d:RUp:PNh" flag; do
   case ${flag} in
     f) # Set for overwriting existing configs with new ones.
       _FLAG_FRESH='y'
@@ -126,6 +126,9 @@ while getopts ":fa:cI:i:n:t:d:RUp:Ph" flag; do
     P) # Start without a reverse proxy. Overwrites '-p'.
       _FLAG_NO_PROXY='y'
       ;;
+    N) # Deactivate traefik dashboard authorization
+      _FLAG_TRAEFIK_NOAUTH='y'
+      ;;
     h) # Shows this help page.
       help
       ;;
@@ -295,6 +298,17 @@ else
   fi
 fi
 
+# Set TRAEFIK_AUTH
+if ! [ -f traefik-docker/shared/.htpasswd ] || [[ "${_FLAG_TRAEFIK_NOAUTH}" == 'y' ]]; then
+  TRAEFIK_AUTH="NoAuth"
+  printf "%bINFO:   %b Treafik dashboard authorization is set to %bINACTIVE%b.\n" \
+          "${CYAN}" "${BLANK}" "${CYAN}" "${BLANK}"
+else
+  TRAEFIK_AUTH="Auth"
+  printf "%bINFO:   %b Treafik dashboard authorization is set to %bACTIVE%b.\n" \
+          "${CYAN}" "${BLANK}" "${CYAN}" "${BLANK}"
+fi
+
 
 # ##########################################################################################
 ### Change architecture specific stuff based on ARCHITECTURE
@@ -399,9 +413,9 @@ else
   printf "\n%bINFO:   %b Creating '.env' file.\n" "${CYAN}" "${BLANK}"
   _NEW_ENV='Created new'
 fi
-if printf "HOST_NAME=%s\nDOMAIN=%s\nTIMEZONE=%s\nUNBOUND_VARIANT=%s\nARCHITECTURE=%s\nINTERFACE=%s\nHOST_IP=%s" \
-            "${HOST_NAME}" "${DOMAIN}" "${TIMEZONE}" "${UNBOUND_VARIANT}" "${ARCHITECTURE}" \
-            "${INTERFACE}" "${HOST_IP}" | tee .env > /dev/null; then
+if printf "HOST_NAME=%s\nDOMAIN=%s\nTIMEZONE=%s\nUNBOUND_VARIANT=%s\nARCHITECTURE=%s\nINTERFACE=%s\nHOST_IP=%s`
+            `\nTRAEFIK_AUTH=%s" "${HOST_NAME}" "${DOMAIN}" "${TIMEZONE}" "${UNBOUND_VARIANT}" "${ARCHITECTURE}" \
+            "${INTERFACE}" "${HOST_IP}" "${TRAEFIK_AUTH}" | tee .env > /dev/null; then
   printf "%bSUCCESS:%b ${_NEW_ENV} '.env' file.\n" "${GREEN}" "${BLANK}"
 else
   if [ -f .env ]; then