coop-cloud/traefik
7
1
Fork 12
Code Issues 11 Pull Requests 1 Releases Wiki Activity

How to configure a second traefik-forward-auth on the same traefik instance? #30

New Issue
Closed
opened 2021-11-20 13:09:00 +00:00 by 3wordchant · 0 comments
3wordchant commented 2021-11-20 13:09:00 +00:00
Owner
Copy Link

Let's say we have swarm.example.com, running:

  • id.project.org (Keycloak)
  • secret.project.org (custom-html)
  • id.otherproject.org (Keycloak)
  • secret.otherproject.org (custom-html)

We want secret.project.org to require id.project.org login, and secret.otherproject.org to require id.otherproject.org login.

Currently, we can deploy two coop-cloud/traefik-forward-auth instances with different stack names, and configure them to point at the two Keycloak instances.

But! There's no way to tell Traefik about the second instance, because we only have one "slot" for an auth middleware.

One approach could be to duplicate that section, and have e.g. KEYCLOAK_MIDDLEWARE_2_ENABLED variable, keycloak2 middleware. This would (I think!) work fine for this specific case, but scaling to supporting a 3rd, 4th etc traefik-forward-auth would be increasingly annoying.

Is there any better way to define a variable set of auth middlewares?

Let's say we have swarm.example.com, running: - `id.project.org` (Keycloak) - `secret.project.org` (custom-html) - `id.otherproject.org` (Keycloak) - `secret.otherproject.org` (custom-html) We want `secret.project.org` to require `id.project.org` login, and `secret.otherproject.org` to require `id.otherproject.org` login. Currently, we can deploy two coop-cloud/traefik-forward-auth instances with different stack names, and configure them to point at the two Keycloak instances. But! There's no way to tell Traefik about the second instance, because [we only have one "slot" for an auth middleware](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/file-provider.yml.tmpl#L4-L10). One approach could be to duplicate that section, and have e.g. `KEYCLOAK_MIDDLEWARE_2_ENABLED` variable, `keycloak2` middleware. This would (I think!) work fine for this specific case, but scaling to supporting a 3rd, 4th etc `traefik-forward-auth` would be increasingly annoying. Is there any better way to define a variable set of auth middlewares?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se fauno flancian Frando iexos jade javielico jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moritz nicksellen notplants p4u1 pau pharaohgraphy renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/traefik#30
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?