I've been playing around with Traefik recently on my new VPS server as a reverse proxy.
It has a very neat dashboard which can be enabled , mostly to see which frontends and backends are enabled, but viewing some stats and a list of recent HTTP errors as well.
Most tutorials will explain to you how to enable it, but I would like to have it secured through Basic Authentication and accessible as any other normal URL I expose like my frontends.
Here below I will show you how to expose the dashboard as a publicly accessible URL, protected by Basic Auth and using Let's Encrypt to attach a valid SSL certificate to it.
[entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] [entryPoints.traefik] address = "127.0.0.1:1337" [api] entrypoint="traefik" dashboard = true [api.statistics] recentErrors = 20 [acme] email = "< your email address>" storage = "< location of where acme.json should be>" entryPoint = "https" onHostRule = true onDemand = false [acme.httpChallenge] entryPoint = "http" ## Backends [backends] [backends.traefik] [backends.traefik.servers] [backends.traefik.servers.backend1] url = "http://127.0.0.1:1337" [backends.traefik.healthCheck] path = "/" interval = "10s" scheme = "http" # Frontends [frontends] [frontends.traefik] entryPoints = ["http", "https"] backend = "traefik" passHostHeader = true [frontends.traefik.routes] [frontends.traefik.routes.main] rule = "Host:<the url you want to have the dashboard exposed on>" [frontends.traefik.auth] [frontends.traefik.auth.basic] users = [ "< User and respective htpasswd digest >", ]
And there you have it. Be sure to have an existing DNS entry for your URL, otherwise Let's Encrypt will not issue a certificate, and install and use htpasswd to generate the user:digest combination to give access to the desired user to the dashboard.