Merge pull request #37 from beatz174-bit/codex/add-traefik-label-for-basic-authentication
Add Traefik basic-auth labels to mtls-bridge
This commit is contained in:
beatz174-bit
@@ -16,6 +16,7 @@ Internal HTTP-to-mTLS bridge for services that cannot present client certificate
|
|||||||
- `CA_CERT` (default `/certs/ca.crt`): CA certificate bundle used to verify upstream TLS.
|
- `CA_CERT` (default `/certs/ca.crt`): CA certificate bundle used to verify upstream TLS.
|
||||||
- `TIMEOUT` (default `5`): request timeout in seconds.
|
- `TIMEOUT` (default `5`): request timeout in seconds.
|
||||||
- `LOG_LEVEL` (default `INFO`): Python logging level.
|
- `LOG_LEVEL` (default `INFO`): Python logging level.
|
||||||
|
- `MTLS_BRIDGE_BASIC_AUTH_USERS` (required for Traefik auth): value for `traefik.http.middlewares.*.basicauth.users` (e.g. `user:$$apr1$$...`).
|
||||||
|
|
||||||
## Endpoints
|
## Endpoints
|
||||||
|
|
||||||
|
|||||||
@@ -19,6 +19,8 @@ services:
|
|||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.mtls-bridge.entrypoints=websecure"
|
- "traefik.http.routers.mtls-bridge.entrypoints=websecure"
|
||||||
- "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver"
|
- "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver"
|
||||||
|
- "traefik.http.routers.mtls-bridge.middlewares=mtls-bridge-auth"
|
||||||
|
- "traefik.http.middlewares.mtls-bridge-auth.basicauth.users=${MTLS_BRIDGE_BASIC_AUTH_USERS}"
|
||||||
- "io.portainer.accesscontrol.public"
|
- "io.portainer.accesscontrol.public"
|
||||||
# - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware"
|
# - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware"
|
||||||
- "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080"
|
- "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080"
|
||||||
|
|||||||
Reference in New Issue
Block a user