Merge pull request #677 from SantoDE/master

Add basic auth support for web backend
Emile Vauge 2016-09-19 16:48:05 +02:00 committed by GitHub
commit 710fc56c6a
3 changed files with 55 additions and 5 deletions


@ -411,6 +411,18 @@ address = ":8080"
# #
# Optional # Optional
# ReadOnly = false # ReadOnly = false
#
# To enable basic auth on the webui
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
# [web.auth.basic]
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
# To enable digest auth on the webui
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
# [web.auth.basic]
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
``` ```
- `/`: provides a simple HTML frontend of Træfik - `/`: provides a simple HTML frontend of Træfik


@ -221,6 +221,17 @@
# Optional # Optional
# ReadOnly = false # ReadOnly = false
# To enable basic auth on the webui
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
# [web.auth.basic]
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
# To enable digest auth on the webui
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
# [web.auth.basic]
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
################################################################ ################################################################
# File configuration backend # File configuration backend
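Review bot: The digest example is declared under `[web.auth.basic]`, the same table as the basic example just above it, so a user who uncomments it would feed `user:realm:hash` entries to the basic authenticator; presumably the table is meant to be `[web.auth.digest]`, to be confirmed against the fields of `types.Auth`. The first digest entry also carries a trailing space inside the quotes (`...3882655c05 "`), which becomes part of the stored hash when the line is copied. The documentation hunk earlier on this page has both problems. It would also help to add a comment line such as `# Prefer BCrypt (htpasswd -B): MD5 and SHA1 hashes are cheap to brute-force if this file is disclosed`.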

37
web.go

@ -9,8 +9,10 @@ import (
"runtime" "runtime"
log "github.com/Sirupsen/logrus" log "github.com/Sirupsen/logrus"
"github.com/codegangsta/negroni"
"github.com/containous/mux" "github.com/containous/mux"
"github.com/containous/traefik/autogen" "github.com/containous/traefik/autogen"
"github.com/containous/traefik/middlewares"
"github.com/containous/traefik/safe" "github.com/containous/traefik/safe"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/elazarl/go-bindata-assetfs" "github.com/elazarl/go-bindata-assetfs"
@ -28,6 +30,7 @@ type WebProvider struct {
KeyFile string `description:"SSL certificate"` KeyFile string `description:"SSL certificate"`
ReadOnly bool `description:"Enable read only API"` ReadOnly bool `description:"Enable read only API"`
server *Server server *Server
Auth *types.Auth
} }
var ( var (
@ -47,6 +50,7 @@ func goroutines() interface{} {
// Provide allows the provider to provide configurations to traefik // Provide allows the provider to provide configurations to traefik
// using the given configuration channel. // using the given configuration channel.
func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error { func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error {
systemRouter := mux.NewRouter() systemRouter := mux.NewRouter()
// health route // health route
@ -103,15 +107,37 @@ func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessag
} }
go func() { go func() {
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
err := http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter) if provider.Auth != nil {
authMiddleware, err := middlewares.NewAuthenticator(provider.Auth)
if err != nil { if err != nil {
log.Fatal("Error creating server: ", err) log.Fatal("Error creating Auth: ", err)
}
var negroni = negroni.New()
negroni.Use(authMiddleware)
negroni.UseHandler(systemRouter)
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, negroni)
} else {
err = http.ListenAndServe(provider.Address, negroni)
}
if err != nil {
log.Fatal("Error creating server with Auth: ", err)
} }
} else { } else {
err := http.ListenAndServe(provider.Address, systemRouter)
var err error
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
} else {
err = http.ListenAndServe(provider.Address, systemRouter)
}
if err != nil { if err != nil {
log.Fatal("Error creating server: ", err) log.Fatal("Error creating server without Auth: ", err)
} }
} }
}() }()
@ -238,6 +264,7 @@ func (provider *WebProvider) getRoutesHandler(response http.ResponseWriter, requ
} }
func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) { func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) {
vars := mux.Vars(request) vars := mux.Vars(request)
providerID := vars["provider"] providerID := vars["provider"]
frontendID := vars["frontend"] frontendID := vars["frontend"]
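Review bot: When `provider.Auth` is set but `CertFile`/`KeyFile` are empty, the new branch in the `Provide` goroutine falls through to `http.ListenAndServe(provider.Address, negroni)`, so Basic credentials (base64, not encrypted) travel in clear text on every request to the web UI and API. A startup warning in that `else` arm would make the exposure visible to operators, for example `log.Warn("web: auth enabled without TLS, credentials are sent in clear text")`. Separately, `var negroni = negroni.New()` shadows the imported `negroni` package for the rest of the block; a local name such as `n := negroni.New()` avoids that. The body of `Provide` starts and ends outside this hunk.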