-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
traefik leaks HTTP authentication data to backends #2805
Comments
I haven't tested, but I wonder if fixing could be as simple as adding Probably same for Digest. |
Just checked @ViViDboarder 's suggestion, works nicely for me so far. I'm neither a go programmer nor traefik expert, so the change might be too naive, e.g. you might want to make this configurable so it does not break existing installations. |
Closed by #3606 |
@fxkr Did you ever manage to get GoCD behind Traefik working? I was hoping for some guides on the internet but my research has hit dead ends... |
@riker09 tbh Apart from this issue it was workig fine I think, and a fix for this issue has been merged, but I have not tested it. But I can't tell for sure anymore, and I'm not running this combination at the moment. I doubt any guides for this specific deployment scenario exist. Unless there's further info (logs etc.) I'd start with tcpdump between GoCD and Traefik to figure out where it goes wrong. |
Thanks for your quick response. Yeah, I was looking for an easy way. Guess I have to do more debugging. |
Übrigens: Das SSL Zertifikat für https://fxkr.net/ ist abgelaufen. :) |
Found my mistake: I had the HTTP basic auth defined in the entrypoint, but kept the |
Do you want to request a feature or report a bug?
Could be both
What did you do?
Configure HTTP authentication at the entry point. Open it in browser. Enter valid user/password. Watch traefik->backend communication with wireshark.
What I actually wanted to do is get GoCD to work behind Traefik, but use Traefik's HTTP authentication feature to prevent access to GoCD to reduce the attack surface
What did you expect to see?
(This issue is not about making GoCD work. I know I can configure same user/password for Traefik as for GoCD, or remove HTTP auth from Traefik and just rely on GoCD's.)
What did you see?
Why does this matter
Output of
traefik version
: (What version of Traefik are you using?)What is your environment & configuration (arguments, toml, provider, platform, ...)?
The text was updated successfully, but these errors were encountered: