Some frontend configuration is ignored when re-using same backend

[jeffreykoetsier]

Do you want to request a feature or report a bug?

Bug

What did you do?

When two frontends are using the same backend, only the first processed frontend is able to set settings like basicAuth or whitelistSourceRange.

I would like to use multiple frontends to apply different behaviour based on the Path of the URI.

A simple test scenario:
Two frontends with a different PathPrefix but using the same backend

frontend website-a:

• priority: 10
• backend: app
• rule: "PathPrefix: /secure"
• basicAuth: ["aaa:aaa"]

frontend website-b:

• priority: 5
• backend: app
• rule: "PathPrefix: /hello"

backend app:

• url: "http://10.10.10.10:32779/"

A short investigation in Traefik's code reveals the following:

server/server.go:

    if backends[entryPointName+frontend.Backend] == nil {
      ...
      Configure IP Whitelist
      Configure Basic Auth
      etc.. etc..
      ...
    } else {
      log.Debugf("Reusing backend %s", frontend.Backend)
    }

It seems frontend specific settings are skipped because the backend is already configured.

When I duplicate the backend configuration to app2 and configure app2 as a backend on website-b the configuration works as expected.

What did you expect to see?

In case of basic authentication defined on two frontends using the same backend:

$ http localhost/secure
HTTP/1.1 401 Unauthorized

$ http localhost/hello
HTTP/1.1 200 OK

What did you see instead?

In case of basic authentication defined on two frontends using the same backend:

$ http localhost/secure
HTTP/1.1 401 Unauthorized

$ http localhost/hello
HTTP/1.1 401 Unauthorized

Output of traefik version: (What version of Traefik are you using?)

Traefik 1.4.0

What is your environment & configuration (arguments, toml, provider, platform, ...)?

    [file]
    [frontends]
      [frontends.website-a]
      priority = 10
      backend = "app"
      basicAuth = ["aaa:aaa"]
    
        [frontends.website-a.routes.a]
          rule = "PathPrefix: /secure"

      [frontends.website-b]
      priority = 5
      backend = "app"
    
      [frontends.website-b.routes.b]
        rule = "PathPrefix: /hello"
    
    [backends]
      [backends.app]
        [backends.app.servers.app]
        url = "http://10.10.10.10:32779/"

[dtomcej]

This will affect all middleware in this case, not just auth. Headers, rewrites etc, will all be affected.

[dimrozakis]

This just bit me as well. In my case, I had different frontends with different PathPrefixStrip rules, each one setting different customRequestHeaders, all connected to the same backend. All proxied requests would end up with the custom headers configured for the first frontend that was using the common backend.

[arnested]

I opened a pull request (#3312) with a fix for this.

Please provide feedback. There are certainly several ways to fix this.

[EugenMayer]

Same issue here, had this with redirects #3357 looking at your pr @arnested it seems like its an issue in the cache - the way i would think about that is that it would fix my issue too ( fixing them all at once, it seems not aspect bound with your fix ). Thanks for your work, looking forward to have that one merged :)