fix: add basic auth for dashboard service via traefik

compose.yml

@@ -16,23 +16,6 @@ x-extra_hosts: &extra_hosts
       - hasura${BASE_HOSTNAME}:host-gateway
       - storage${BASE_HOSTNAME}:host-gateway
       - traefik${BASE_HOSTNAME}:host-gateway
-###########################################################################
-# top-level Config
-# `user` password: user
-# `admin` password: admin
-###########################################################################
-configs:
-  .htpasswd:
-    content: |
-      user:$$apr1$$YOwuFkyc$$Exhx4Xoe0c.5SEDKjC3kz1
-      admin:$$apr1$$6Rri7sub$$PmETYWtbZZaiL6QdtELte1
-
-###########################################################################
-# top-level Secrets
-###########################################################################
-secrets:
-  authorized_keys:
-    file: .secrets
 
 services:
   ###########################################################################
@@ -62,7 +45,10 @@ services:
       traefik.http.routers.traefik.entrypoints: web,websecure
       traefik.http.routers.traefik.rule: Host(`traefik${BASE_HOSTNAME}`)
       traefik.http.routers.traefik.tls: "true"
+      traefik.http.routers.traefik.middlewares: traefik-auth
       traefik.http.services.traefik.loadbalancer.server.port: "8080"
+      traefik.http.middlewares.traefik-auth.basicauth.usersfile: /etc/traefik/.htpasswd
+      traefik.http.middlewares.traefik-auth.basicauth.removeheader: true
   ###########################################################################
   # postgres database
   ###########################################################################
@@ -401,6 +387,7 @@ services:
       traefik.http.routers.dashboard.rule: Host(`dashboard${BASE_HOSTNAME}`)
       traefik.http.routers.dashboard.service: dashboard
       traefik.http.routers.dashboard.tls: "true"
+      traefik.http.routers.dashboard.middlewares: traefik-auth
       traefik.http.services.dashboard.loadbalancer.server.port: "3000"
   ###########################################################################
   # configserver

infra/base/traefik/.htpasswd

@@ -0,0 +1,11 @@
+# Declaring the user list
+#
+# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
+# To create a user:password pair, the following command can be used:
+# echo $(htpasswd -nb username password)
+#
+# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
+# NOTE: run `chmod ugo+r infra/base/traefik/.htpasswd` if login didnot work.
+
+admin:$apr1$7vC1zbP9$SFFZH9SmhmxZTMjqT6LS/.
+user:$apr1$WZZU2Q18$GUg1FNaoed.T0fvF7REE8.

infra/base/traefik/dynamic.yml

@@ -16,20 +16,3 @@ tls:
 #    default:
 #      sniStrict: true
 
-
-# Declaring the user list
-#
-# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
-# To create a user:password pair, the following command can be used:
-# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
-#
-# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
-http:
-  # Add the middleware
-  middlewares:
-    my-basic-auth:
-      basicAuth:
-        users:
-        - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
-        - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
-        usersFile: /etc/traefik/.htpasswd

infra/base/traefik/traefik.yml

@@ -17,6 +17,7 @@ providers: # You can add more than one provider if needed
   docker:
     endpoint: "unix:///var/run/docker.sock"
     exposedByDefault: false # Only expose explicitly enabled containers
+    watch: true
     defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
   file:
     filename: /etc/traefik/dynamic.yml