Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consul KV basicauth configuration for frontend not working #2718

Closed
eBeyond opened this issue Jan 17, 2018 · 7 comments
Closed

Consul KV basicauth configuration for frontend not working #2718

eBeyond opened this issue Jan 17, 2018 · 7 comments
Labels
area/provider/kv status/5-frozen-due-to-age
Milestone
1.6

Comments

@eBeyond
Copy link

eBeyond commented Jan 17, 2018
edited by ldez

Do you want to request a feature or report a bug?

BUG

What did you do?

I wanted to add basic-authentication to a frontend which is configured in consul KV
(configured as shown below)

What did you expect to see?

I would expect that the basic authentication for the frontend will be shown on access.

What did you see instead?

There is no basic auth.
Within the logs I see that basicAuth is null, as such I think that the configuration isn't loaded correctly.

Output of traefik version: (What version of Traefik are you using?)

v1.4.6 / roquefort

docker image:
traefik:v1.4.6

What is your environment & configuration (arguments, toml, provider, platform, ...)?

The configuration is run in a docker swarm mode cluster. The related configuration isn't loaded using docker swarm mode. It's an external service (backend) hosted outside of docker.

traefik/frontends/frontend-consul/:
traefik/frontends/frontend-consul/backend:backend-consul
traefik/frontends/frontend-consul/basicauth:me:=========myhash=========
traefik/frontends/frontend-consul/entrypoints/0:https
traefik/frontends/frontend-consul/passhostheader:false
traefik/frontends/frontend-consul/passtlscert:false
traefik/frontends/frontend-consul/priority:0
traefik/frontends/frontend-consul/routes/standard/:
traefik/frontends/frontend-consul/routes/standard/rule:Host:my-host

If applicable, please paste the log output in debug mode (--debug switch)

level=debug msg="Configuration received from provider consul: {"backends":{"backend-consul":{"servers":{"server1":{"url":"http://srv03:8500","weight":10},"server2":{"url":"http://srv04:8500","weight":20},"server3":{"url":"http://srv05:8500","weight":30}},"circuitBreaker":{"expression":"NetworkErrorRatio() > 0.5"},"loadBalancer":{"method":"wrr"}},"backend-r1":{"servers":{"server1":{"url":"http://srv03:15672","weight":10},"server2":{"url":"http://srv04:15672","weight":20},"server3":{"url":"http://srv05:15672","weight":30}},"circuitBreaker":{"expression":"NetworkErrorRatio() > 0.5"},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-consul":{"entryPoints":["https","http"],"backend":"backend-consul","routes":{"standard":{"rule":"Host:my-host"}},"passHostHeader":true,"priority":0,"basicAuth":null,"headers":{}},"frontend-r1":{"entryPoints":["https","http"],"backend":"backend-r1","routes":{"test_1":{"rule":"Host:r-host"}},"passHostHeader":true,"priority":0,"basicAuth":null,"headers":{}}}}"
@ldez
Copy link
Member

ldez commented Jan 17, 2018

Thanks for your interest in Traefik 😃

The support of the basic auth in the KV come in 1.6 (see the milestone section of #2652)

@ldez ldez closed this as completed Jan 17, 2018
@ldez
Copy link
Member

ldez commented Jan 17, 2018

A workaround can be the use of a custom template:

# Override default configuration template.
# For advanced users :)
#
# Optional
#
# filename = "consul.tmpl"

https://docs.traefik.io/configuration/backends/consul/

@ldez ldez added this to the 1.6 milestone Jan 17, 2018
@eBeyond
Copy link
Author

eBeyond commented Jan 18, 2018

I've tried that, but I've got the impression that the configuration file wasn't loaded. Any changes to the line with basicAuth has no effect.
Can you give me a small example?

@ldez
Copy link
Member

ldez commented Jan 18, 2018

Warning: I don't recommend to that because it's not compatible with storeconfig

In v1.5, you can add some coma separated values (not compatible with storeconfig), ex:

traefik/frontends/frontend-consul/basicauth: me:xxx,you:xxx,us:xxx
example 
{{$frontends := List .Prefix "/frontends/" }}
{{$backends :=  List .Prefix "/backends/"}}
{{$tlsconfiguration := List .Prefix "/tlsconfiguration/"}}

[backends]{{range $backends}}
{{$backend := .}}
{{$backendName := Last $backend}}
{{$servers := ListServers $backend }}

{{$circuitBreaker := Get "" . "/circuitbreaker/" "expression"}}
{{with $circuitBreaker}}
[backends."{{$backendName}}".circuitBreaker]
    expression = "{{$circuitBreaker}}"
{{end}}

{{$loadBalancer := Get "" . "/loadbalancer/" "method"}}
{{with $loadBalancer}}
[backends."{{$backendName}}".loadBalancer]
    method = "{{$loadBalancer}}"
    sticky = {{ getSticky . }}
    {{if hasStickinessLabel $backend}}
    [backends."{{$backendName}}".loadBalancer.stickiness]
      cookieName = "{{getStickinessCookieName $backend}}"
    {{end}}
{{end}}

{{$healthCheck := Get "" . "/healthcheck/" "path"}}
{{with $healthCheck}}
[backends."{{$backendName}}".healthCheck]
    path = "{{$healthCheck}}"
    interval = "{{ Get "30s" $backend "/healthcheck/" "interval" }}"
{{end}}

{{$maxConnAmt := Get "" . "/maxconn/" "amount"}}
{{$maxConnExtractorFunc := Get "" . "/maxconn/" "extractorfunc"}}
{{with $maxConnAmt}}
{{with $maxConnExtractorFunc}}
[backends."{{$backendName}}".maxConn]
    amount = {{$maxConnAmt}}
    extractorFunc = "{{$maxConnExtractorFunc}}"
{{end}}
{{end}}

{{range $servers}}
[backends."{{$backendName}}".servers."{{Last .}}"]
    url = "{{Get "" . "/url"}}"
    weight = {{Get "0"  . "/weight"}}
{{end}}
{{end}}

[frontends]{{range $frontends}}
    {{$frontend := Last .}}
    {{$entryPoints := GetList . "/entrypoints"}}
    [frontends."{{$frontend}}"]
    backend = "{{Get "" . "/backend"}}"
    passHostHeader = {{Get "true" . "/passHostHeader"}}
    priority = {{Get "0" . "/priority"}}
    entryPoints = [{{range $entryPoints}}
      "{{.}}",
    {{end}}]

### HERE
    {{$basicAuth := SplitGet . "/basicauth"}}
    basicAuth = [{{range $basicAuth }}
      "{{.}}",
      {{end}}]
### TO HERE

    {{$routes := List . "/routes/"}}
        {{range $routes}}
        [frontends."{{$frontend}}".routes."{{Last .}}"]
        rule = "{{Get "" . "/rule"}}"
        {{end}}
{{end}}

{{range $tlsconfiguration}}
{{$entryPoints := SplitGet . "/entrypoints"}}
[[tlsConfiguration]]
    entryPoints = [{{range $entryPoints}}
      "{{.}}",
    {{end}}]
    [tlsConfiguration.certificate]
        certFile = """{{Get "" . "/certificate" "/certfile"}}"""
        keyFile = """{{Get "" . "/certificate" "/keyfile"}}"""
{{end}}

@eBeyond
Copy link
Author

eBeyond commented Jan 18, 2018 via email
edited by ldez

@ldez
Copy link
Member

ldez commented Jan 18, 2018

My example is a copy of https://github.com/containous/traefik/blob/v1.5/templates/kv.tmpl, I just added a basic Auth template section.

As you can see I heavily rewritten the template on master https://github.com/containous/traefik/blob/master/templates/kv.tmpl and this template (on master) is not compatible with the 1.5.

@aantono
Copy link
Contributor

aantono commented Mar 14, 2018

Just ran into a similar issue with passHostHeader when using Consul KV. The issue is the case of the field name. If using storeconfig command, all the field names are being handled in all-lower-cased format, but the loading logic expects them to be camelCased. So basicauth from Consul does not map BasicAuth in Frontend struct.

@traefik traefik locked and limited conversation to collaborators Sep 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/provider/kv status/5-frozen-due-to-age
Projects
None yet
Milestone
1.6
Development

No branches or pull requests
4 participants
@aantono @eBeyond @ldez @traefiker