Traefik Dashboard on its own URL

How to make the dashboard of Traefik publicly reachable as a URL.

Traefik Dashboard on its own URL

I've been playing around with Traefik recently on my new VPS server as a reverse proxy.

It has a very neat dashboard which can be enabled , mostly to see which frontends and backends are enabled, but viewing some stats and a list of recent HTTP errors as well.

Most tutorials will explain to you how to enable it, but I would like to have it secured through Basic Authentication and accessible as any other normal URL I expose like my frontends.

Here below I will show you how to expose the dashboard as a publicly accessible URL, protected by Basic Auth and using Let's Encrypt to attach a valid SSL certificate to it.

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
  [entryPoints.traefik]
  address = "127.0.0.1:1337"

[api]
entrypoint="traefik"
dashboard = true
  [api.statistics]
  recentErrors = 20

[acme]
email = "< your email address>"
storage = "< location of where acme.json should be>"
entryPoint = "https"
onHostRule = true
onDemand = false
  [acme.httpChallenge]
  entryPoint = "http"

## Backends
[backends]
  [backends.traefik]
    [backends.traefik.servers]
      [backends.traefik.servers.backend1]
      url = "http://127.0.0.1:1337"
      [backends.traefik.healthCheck]
        path = "/"
        interval = "10s"
        scheme = "http"

# Frontends
[frontends]
  [frontends.traefik]
    entryPoints = ["http", "https"]
    backend = "traefik"
    passHostHeader = true
    [frontends.traefik.routes]
      [frontends.traefik.routes.main]
      rule = "Host:<the url you want to have the dashboard exposed on>"
    [frontends.traefik.auth]
      [frontends.traefik.auth.basic]
      users = [
        "< User and respective htpasswd digest >",
      ]

And there you have it. Be sure to have an existing DNS entry for your URL, otherwise Let's Encrypt will not issue a certificate, and install and use htpasswd to generate the user:digest combination to give access to the desired user to the dashboard.

Mastodon