traefik/docs/content/middlewares/basicauth.md

# BasicAuth

Adding Basic Authentication
{: .subtitle }

![BasicAuth](../assets/img/middleware/basicauth.png)

The BasicAuth middleware is a quick way to restrict access to your services to known users.

## Configuration Examples

??? example "File -- Declaring the user list"

    ```toml
    [http.middlewares]
      [http.middlewares.test-auth.basicauth]
      users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
    ```

??? example "Docker -- Using an external file for the authorized users"

    ```yml
    a-container:
          image: a-container-image 
            labels:
              - "traefik.http.middlewares.declared-users-only.basicauth.usersFile=path-to-file.ext",
    ```

## Configuration Options

### General

Passwords must be encoded using MD5, SHA1, or BCrypt.

!!! tip 
   
    Use `htpasswd` to generate the passwords.

### users

The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.

!!! Note
    
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

### usersFile

The `usersFile` option is the path to an external file that contains the authorized users for the middleware.

The file content is a list of `name:encoded-password`.

??? example "A file containing test/test and test2/test2"

    ```
    test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
    test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
    ```

!!! Note
    
    If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

### realm

You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. 

### headerField

You can customize the header field for the authenticated user using the `headerField`option.

??? example "File -- Passing Authenticated Users to Services Via Headers"

    ```toml
      [http.middlewares.my-auth.basicauth]
        usersFile = "path-to-file.ext"
        headerField = "X-WebAuth-User" # header for the authenticated user
    ```

### removeHeader

Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`# BasicAuth`

			`Adding Basic Authentication`
			`{: .subtitle }`

			`![BasicAuth](../assets/img/middleware/basicauth.png)`

			`The BasicAuth middleware is a quick way to restrict access to your services to known users.`

			`## Configuration Examples`

			`??? example "File -- Declaring the user list"`

			```toml
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 08:30:04 +00:00			`[http.middlewares]`
			`[http.middlewares.test-auth.basicauth]`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",`
			`"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]`
			```

			`??? example "Docker -- Using an external file for the authorized users"`

			```yml
			`a-container:`
			`image: a-container-image`
			`labels:`
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 08:30:04 +00:00			`- "traefik.http.middlewares.declared-users-only.basicauth.usersFile=path-to-file.ext",`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			```

			`## Configuration Options`

			`### General`

			`Passwords must be encoded using MD5, SHA1, or BCrypt.`

			`!!! tip`

			Use `htpasswd` to generate the passwords.

			`### users`

			The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.

			`!!! Note`

			If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

			`### usersFile`

			The `usersFile` option is the path to an external file that contains the authorized users for the middleware.

			The file content is a list of `name:encoded-password`.

			`??? example "A file containing test/test and test2/test2"`

			```
			`test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/`
			`test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0`
			```

			`!!! Note`

			If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.

			`### realm`

			You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.

			`### headerField`

			You can customize the header field for the authenticated user using the `headerField`option.

			`??? example "File -- Passing Authenticated Users to Services Via Headers"`

			```toml
Add a new protocol Co-authored-by: Gérald Croës <gerald@containo.us> 2019-03-14 08:30:04 +00:00			`[http.middlewares.my-auth.basicauth]`
Documentation Revamp Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com> 2019-02-26 13:50:07 +00:00			`usersFile = "path-to-file.ext"`
			`headerField = "X-WebAuth-User" # header for the authenticated user`
			```

			`### removeHeader`

			Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)