2.3 KiB
BasicAuth
Adding Basic Authentication {: .subtitle }
The BasicAuth middleware is a quick way to restrict access to your services to known users.
Configuration Examples
??? example "File -- Declaring the user list"
```toml
[http.middlewares]
[http.middlewares.test-auth.basicauth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
```
??? example "Docker -- Using an external file for the authorized users"
```yml
a-container:
image: a-container-image
labels:
- "traefik.http.middlewares.declared-users-only.basicauth.usersFile=path-to-file.ext",
```
Configuration Options
General
Passwords must be encoded using MD5, SHA1, or BCrypt.
!!! tip
Use `htpasswd` to generate the passwords.
users
The users option is an array of authorized users. Each user will be declared using the name:encoded-password format.
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
usersFile
The usersFile option is the path to an external file that contains the authorized users for the middleware.
The file content is a list of name:encoded-password.
??? example "A file containing test/test and test2/test2"
```
test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
```
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
realm
You can customize the realm for the authentication with the realm option. The default value is traefik.
headerField
You can customize the header field for the authenticated user using the headerFieldoption.
??? example "File -- Passing Authenticated Users to Services Via Headers"
```toml
[http.middlewares.my-auth.basicauth]
usersFile = "path-to-file.ext"
headerField = "X-WebAuth-User" # header for the authenticated user
```
removeHeader
Set the removeHeader option to true to remove the authorization header before forwarding the request to your service. (Default value is false.)