New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding an explanation how to use htpasswd
for k8s secret
#6194
Conversation
Hello, You don't need to encode the result to base64. I think you are using a docker-compose file, so you need to escape
You can try it with this simple example: version: "3.7"
services:
traefik:
image: traefik:v2.1.2
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --api
- --providers.docker.exposedbydefault=false
ports:
- 80:80
- 443:443
labels:
traefik.enable: true
traefik.http.routers.traefik.rule: Host(`traefik.localhost`)
traefik.http.routers.traefik.service: api@internal
traefik.http.routers.traefik.entrypoints: web
# echo $(htpasswd -bnBC 10 admin secret) | sed -e s/\\$/\\$\\$/g
# curl -u admin:secret http://whoami.localhost
traefik.http.middlewares.auth.basicauth.users: admin:$$2y$$10$$zdGj/1e2U9K1S1kSyI3dqu.XLOkMwvU7RFuR.54.Wwy36iSrB13te
# htpasswd -bnBC 10 admin admin | openssl base64
# curl -u admin:admin http://whoami.localhost
# Doesn't work: level=error msg="error parsing BasicUser: YWRtaW46JDJ5JDEwJEZHYVN0YnR2Q0JjZWswdGczUWdMYU8yWWViMHNLSlpZT3o4STgub2w1OFNQTmNQRjd5WXpPCgo="
# traefik.http.middlewares.auth.basicauth.users: YWRtaW46JDJ5JDEwJEZHYVN0YnR2Q0JjZWswdGczUWdMYU8yWWViMHNLSlpZT3o4STgub2w1OFNQTmNQRjd5WXpPCgo=
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
whoami:
image: containous/whoami:v1.4.0
labels:
traefik.enable: true
traefik.http.routers.whoami.rule: Host(`whoami.localhost`)
traefik.http.routers.whoami.entrypoints: web
traefik.http.routers.whoami.middlewares: auth |
@ldez: I tried to deploy on Kubernetes and got an error saying "invalid base64..." |
So the base64 is not required for all providers: only for K8s secret. The base64 encoding is a requirement of So, you can add a comment in the IngressRoute example to explain that (like in the Docker example), but it cannot be a global tip. Could you edit your PR, thank you. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moving the explanation to the right place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
htpasswd
htpasswd
for k8s secret
Thanks @ldez for clarification and quick approval. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
The tip to use htpasswd was not very clear. You have to encode the result to base64. Adding an example command.
What does this PR do?
The tip to use htpasswd was not very clear. You have to encode the result to base64. Adding an example command.
Motivation
Make it easier to use basic auth and generate a base64 encoded string.
More