middleware

base.yml

@@ -53,6 +53,13 @@ services:
     #image: mistborn_production_traefik
     image: traefik:v2.2
     container_name: mistborn_production_traefik
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`traefik.mistborn`)"
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.middlewares=mistborn_headers@file"
+      - "traefik.http.routers.api.entrypoints=web"
+      #- "traefik.http.services.internal.loadbalancer.server.port=5000"
     depends_on:
       - django
     volumes:
@@ -67,11 +74,11 @@ services:
     #  #- "0.0.0.0:8080:8080/tcp" # dashboard
     command:
       ## API settings
-      #- --api.insecure=true
-      #- --api.dashboard=true
-      #- --api.debug=true
+      - --api.insecure=true
+      - --api.dashboard=true
+      - --api.debug=true
       ## Logs
-      - --log.level=ERROR
+      - --log.level=INFO
       ## Providers
       - --providers.docker=true
       - --providers.docker.exposedbydefault=false
@@ -168,13 +175,16 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.pihole-http.rule=Host(`pihole.mistborn`)"
       - "traefik.http.routers.pihole-http.entrypoints=web"
-      - "traefik.http.routers.pihole-http.middlewares=mistborn_auth@file,add-pihole-admin"
+      - "traefik.http.routers.pihole-http.middlewares=mistborn_auth,add-pihole-admin"
       - "traefik.http.routers.pihole-https.rule=Host(`pihole.mistborn`)"
       - "traefik.http.routers.pihole-https.entrypoints=websecure"
-      - "traefik.http.routers.pihole-https.middlewares=mistborn_auth@file,add-pihole-admin"
+      - "traefik.http.routers.pihole-https.middlewares=mistborn_auth,add-pihole-admin"
       - "traefik.http.routers.pihole-https.tls.certresolver=basic"
       - "traefik.http.middlewares.add-pihole-admin.addPrefix.prefix=/admin"
       - "traefik.http.services.pihole-service.loadbalancer.server.port=80"
+      - "traefik.http.middlewares.mistborn_auth.forwardAuth.address=http://${MISTBORN_BIND_IP}:5000/auth/"
+      - "traefik.http.middlewares.mistborn_auth.forwardAuth.trustForwardHeader=true"
+      - "traefik.http.middlewares.mistborn_auth.forwardAuth.tls.insecureSkipVerify=true"
    environment:
      - ServerIP=10.2.0.3
      - DNS1='10.2.0.2#5054' # docs say port 5054, was 54; use network_mode: host to see which port is used

compose/production/traefik/dynamic.toml

@@ -11,21 +11,15 @@
 [http.services]
   [http.services.cockpit.loadBalancer]
     [[http.services.cockpit.loadBalancer.servers]]
-      url = "http://10.2.3.1:9090"
+      url = "http://127.0.0.1:9090"
 
 [http.routers]
   [http.routers.cockpit]
     rule = "Host(`cockpit.mistborn`)"
     service = "cockpit"
     entrypoints = ["web", "websecure"]
-    middlewares = ["mistborn_auth"]
+    middlewares = ["mistborn_auth@docker"]
 
 [http.middlewares]
-  [http.middlewares.mistborn_auth.forwardAuth]
-    address = "http://10.2.3.1:5000/auth/"
-    trustForwardHeader = true
-    [http.middlewares.mistborn_auth.forwardAuth.tls]
-      insecureSkipVerify = true
-  
   [http.middlewares.mistborn_headers.headers]
     hostsProxyHeaders = ['X-CSRFToken']