NashTech Blog

Get in touch

Securing Your Application: Basic Authentication with Traefik Proxy

Picture of mohdshahenvazkhan
mohdshahenvazkhan
Table of Contents

Introduction

Hello, reader! I hope you are in good health. In today’s blog, I will explain Securing Your Application: Basic Authentication with Traefik Proxy. If you’re not familiar with Traefik, let me give you a brief overview: Traefik is an open-source application proxy that receives requests on behalf of your system, identifies which components are responsible for handling them, and routes them securely. Without further ado, let’s get started!

Application Setup

For this application, I am using Python as the programming language, and I have a very basic Flask application with a single /home route that returns the message “Welcome to the home page.” The application listens on port 4000.

#save the file with this name --> app.py
from flask import Flask

app = Flask(__name__)

@app.route('/home')
def HomePage():
    return "Welcome to home page"

app.run("0.0.0.0",4000,debug=True)

Now to run this application open your terminal and type below command

$ python3 app.py

To access this application open your web browser and type http://127.0.0.1:4000/home in return you will see a message Welcome to home page.

Dockerizing the application

For this demo we need to dockerize this application below is the docker file for this application 

#save it on the same directory where your app.py with filename as Dockerfile
FROM python:3.8-slim-buster

RUN pip3 install Flask==2.3.2

COPY . .

EXPOSE 4004

CMD ["python3", "app.py"]

now that we have the docker file we will use it in the next step.

Configuring Traefik Proxy

To configure Traefik proxy we will use Docker compose file with below configurations

# save this file with name as docker-compose.yaml
version: '3'

services:
  reverse-proxy:
    image: traefik:v3.1
    command:
      --api.insecure=true
      --providers.docker
    ports:
      - "80:80"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  myapp:
    build: ./
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`example.com`)"
      - "traefik.http.routers.myapp.middlewares=test-auth"
      - "traefik.http.middlewares.test-auth.basicauth.users=test:{SHA}66CC/0VRfAa9Nlwv3h/HfNp6j28="

In the Docker Compose file, we have two containers: the first one is the reverse proxy (Traefik), which contains the Traefik configurations, and the second one is my application (whoami), which includes the details about our app. The labels are used so that Traefik can manage the application. The label traefik.http.routers.whoami.rule=Host(example.com) tells Traefik to route requests that come from the host example.com to this service. The label traefik.http.middlewares.test-auth.basicauth.users=test:{SHA}66CC/0VRfAa9Nlwv3h/HfNp6j28= configures Traefik to use middleware for basic authentication, with the username test and the password in encrypted form. You can generate your password using htpasswd, or simply search for “generate SHA1 password” and replace the encrypted password with your own.

Now open your terminal and create an extry for example.com which will reference 127.0.0.1 inside the /etc/hosts file after doing that run below command

$ docker compose build 
$ docker compose up

open your web-browser and type example.com/home you will see a prompt box will appear asking you to provide username and password.

Picture of mohdshahenvazkhan

mohdshahenvazkhan

Mohd Shahenvaz Khan works as a DevOps Software Consultant at Nashtech. He's really good at making sure software development goes smoothly. He's great at finding ways to make things work better and faster. His job is to help teams work together better and make awesome software.

Leave a Comment

Your email address will not be published. Required fields are marked *

Suggested Article

Scroll to Top