coop-cloud/traefik
coop-cloud
/
traefik
5
0
Fork 6
Code Issues 7 Pull Requests Releases Wiki Activity

How to configure a second traefik-forward-auth on the same traefik instance? #30

New Issue
Closed
opened 2021-11-20 13:09:00 +00:00 by 3wordchant · 0 comments
3wordchant commented 2021-11-20 13:09:00 +00:00
Owner
Copy Link

Let's say we have swarm.example.com, running:

  • id.project.org (Keycloak)
  • secret.project.org (custom-html)
  • id.otherproject.org (Keycloak)
  • secret.otherproject.org (custom-html)

We want secret.project.org to require id.project.org login, and secret.otherproject.org to require id.otherproject.org login.

Currently, we can deploy two coop-cloud/traefik-forward-auth instances with different stack names, and configure them to point at the two Keycloak instances.

But! There's no way to tell Traefik about the second instance, because we only have one "slot" for an auth middleware.

One approach could be to duplicate that section, and have e.g. KEYCLOAK_MIDDLEWARE_2_ENABLED variable, keycloak2 middleware. This would (I think!) work fine for this specific case, but scaling to supporting a 3rd, 4th etc traefik-forward-auth would be increasingly annoying.

Is there any better way to define a variable set of auth middlewares?

Let's say we have swarm.example.com, running: - `id.project.org` (Keycloak) - `secret.project.org` (custom-html) - `id.otherproject.org` (Keycloak) - `secret.otherproject.org` (custom-html) We want `secret.project.org` to require `id.project.org` login, and `secret.otherproject.org` to require `id.otherproject.org` login. Currently, we can deploy two coop-cloud/traefik-forward-auth instances with different stack names, and configure them to point at the two Keycloak instances. But! There's no way to tell Traefik about the second instance, because [we only have one "slot" for an auth middleware](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/file-provider.yml.tmpl#L4-L10). One approach could be to duplicate that section, and have e.g. `KEYCLOAK_MIDDLEWARE_2_ENABLED` variable, `keycloak2` middleware. This would (I think!) work fine for this specific case, but scaling to supporting a 3rd, 4th etc `traefik-forward-auth` would be increasingly annoying. Is there any better way to define a variable set of auth middlewares?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
error-pages-again
metrics
basic-auth
error-messages-attempt
error-pages-attempt
minecraft
forward-auth-2
error-pages
rejig-compose-vars
self-signed
2.6.3+v2.11.2
2.6.2+v2.11.1
2.6.1+v2.11.0
2.6.0+v2.11.0
2.5.0+v2.11.0
2.4.3+v2.10.5
2.1.0+v2.9.9
2.4.2+v2.10.4
2.4.1+v2.10.3
2.4.0+v2.10.1
2.3.1+v2.10.2
2.3.0+v2.10.2
2.2.0+v2.10.2
2.2.0+v2.10.1
2.0.4+v2.9.6
2.0.3+v2.9.6
2.0.2+v2.9.5
2.0.0+v2.9.1
1.1.1+v2.8.1
1.1.0+v2.8.0
1.0.1+v2.5.6
1.0.0+v2.5.2
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/traefik#30
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?