Merge pull request #677 from SantoDE/master
Add basic auth support for web backend
This commit is contained in:
commit
710fc56c6a
3 changed files with 55 additions and 5 deletions
12
docs/toml.md
12
docs/toml.md
|
@ -411,6 +411,18 @@ address = ":8080"
|
||||||
#
|
#
|
||||||
# Optional
|
# Optional
|
||||||
# ReadOnly = false
|
# ReadOnly = false
|
||||||
|
#
|
||||||
|
# To enable basic auth on the webui
|
||||||
|
# with 2 user/pass: test:test and test2:test2
|
||||||
|
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
|
||||||
|
# [web.auth.basic]
|
||||||
|
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||||||
|
# To enable digest auth on the webui
|
||||||
|
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
|
||||||
|
# You can use htdigest to generate those ones
|
||||||
|
# [web.auth.basic]
|
||||||
|
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
- `/`: provides a simple HTML frontend of Træfik
|
- `/`: provides a simple HTML frontend of Træfik
|
||||||
|
|
|
@ -221,6 +221,17 @@
|
||||||
# Optional
|
# Optional
|
||||||
# ReadOnly = false
|
# ReadOnly = false
|
||||||
|
|
||||||
|
# To enable basic auth on the webui
|
||||||
|
# with 2 user/pass: test:test and test2:test2
|
||||||
|
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
|
||||||
|
# [web.auth.basic]
|
||||||
|
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||||||
|
# To enable digest auth on the webui
|
||||||
|
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
|
||||||
|
# You can use htdigest to generate those ones
|
||||||
|
# [web.auth.basic]
|
||||||
|
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
||||||
|
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
# File configuration backend
|
# File configuration backend
|
||||||
|
|
37
web.go
37
web.go
|
@ -9,8 +9,10 @@ import (
|
||||||
"runtime"
|
"runtime"
|
||||||
|
|
||||||
log "github.com/Sirupsen/logrus"
|
log "github.com/Sirupsen/logrus"
|
||||||
|
"github.com/codegangsta/negroni"
|
||||||
"github.com/containous/mux"
|
"github.com/containous/mux"
|
||||||
"github.com/containous/traefik/autogen"
|
"github.com/containous/traefik/autogen"
|
||||||
|
"github.com/containous/traefik/middlewares"
|
||||||
"github.com/containous/traefik/safe"
|
"github.com/containous/traefik/safe"
|
||||||
"github.com/containous/traefik/types"
|
"github.com/containous/traefik/types"
|
||||||
"github.com/elazarl/go-bindata-assetfs"
|
"github.com/elazarl/go-bindata-assetfs"
|
||||||
|
@ -28,6 +30,7 @@ type WebProvider struct {
|
||||||
KeyFile string `description:"SSL certificate"`
|
KeyFile string `description:"SSL certificate"`
|
||||||
ReadOnly bool `description:"Enable read only API"`
|
ReadOnly bool `description:"Enable read only API"`
|
||||||
server *Server
|
server *Server
|
||||||
|
Auth *types.Auth
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -47,6 +50,7 @@ func goroutines() interface{} {
|
||||||
// Provide allows the provider to provide configurations to traefik
|
// Provide allows the provider to provide configurations to traefik
|
||||||
// using the given configuration channel.
|
// using the given configuration channel.
|
||||||
func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error {
|
func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error {
|
||||||
|
|
||||||
systemRouter := mux.NewRouter()
|
systemRouter := mux.NewRouter()
|
||||||
|
|
||||||
// health route
|
// health route
|
||||||
|
@ -103,15 +107,37 @@ func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessag
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
|
|
||||||
err := http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
|
if provider.Auth != nil {
|
||||||
|
authMiddleware, err := middlewares.NewAuthenticator(provider.Auth)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Error creating server: ", err)
|
log.Fatal("Error creating Auth: ", err)
|
||||||
|
}
|
||||||
|
var negroni = negroni.New()
|
||||||
|
negroni.Use(authMiddleware)
|
||||||
|
negroni.UseHandler(systemRouter)
|
||||||
|
|
||||||
|
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
|
||||||
|
err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, negroni)
|
||||||
|
} else {
|
||||||
|
err = http.ListenAndServe(provider.Address, negroni)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("Error creating server with Auth: ", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
err := http.ListenAndServe(provider.Address, systemRouter)
|
|
||||||
|
var err error
|
||||||
|
|
||||||
|
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
|
||||||
|
err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
|
||||||
|
} else {
|
||||||
|
err = http.ListenAndServe(provider.Address, systemRouter)
|
||||||
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Error creating server: ", err)
|
log.Fatal("Error creating server without Auth: ", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
@ -238,6 +264,7 @@ func (provider *WebProvider) getRoutesHandler(response http.ResponseWriter, requ
|
||||||
}
|
}
|
||||||
|
|
||||||
func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) {
|
func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) {
|
||||||
|
|
||||||
vars := mux.Vars(request)
|
vars := mux.Vars(request)
|
||||||
providerID := vars["provider"]
|
providerID := vars["provider"]
|
||||||
frontendID := vars["frontend"]
|
frontendID := vars["frontend"]
|
||||||
|
|
Loading…
Reference in a new issue