From 0fcd7cc590b137e357709bb577aab420ee675cc9 Mon Sep 17 00:00:00 2001 From: jailmanager Date: Sat, 25 Jul 2020 21:04:35 +0000 Subject: [PATCH] Update from https://github.com/jailmanager/iocage-plugin-traefik/commit/e2162b1b97cd3df11f1aaaf92ef88dc370ac9bc5) --- content/plugins/traefik.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/content/plugins/traefik.md b/content/plugins/traefik.md index d3e6d2ff..d0e53622 100644 --- a/content/plugins/traefik.md +++ b/content/plugins/traefik.md @@ -43,7 +43,27 @@ If you have done it right, you can reach the Traefik admin dashboard using the d ## Usages -Currently we haven't migrated all jails to sit behind the traefik reverse proxy yet. We also didn't add security for the dashboard yet. -Thus it is currently not usable out of the box, although the Traefik installation is fully configured. +To add a jail to traefik, just add the following config parameter to the other jail (not traefik), where $traefikjail is the name of your traefik-jail: +``` + traefik_proxy: $traefikjail + +``` + + +If you want to add security to a jail, there are two opions: basic_auth or forward_auth. +**basic_auth:** +Basic_auth uses a simpel username and passowrd prompt before it allows anyone to open the site. It can be enabled by adding the following config parameter in addition to traefik_proxy. +``` + traefik_basic_auth: user1:password1 user2:password2 + +``` + +**forward_auth:** +forward_auth checks if you already have access (http not-403) to another website. It's more advanced to setup, but it (for example) enables you to easily add central authentication to jails using organizr. +The following is an example config, using an organizr jail. It needs to be added in addition to traefik_proxy: +``` + traefik_auth_forward: https://organizr.testdomain.com/api/?v1/auth&group=1 + +``` Although the web interface shows port 9080 and 9443, Traefik is actually also listening on the (more common) port 80 and 443, also known as normal (without port in the URL) http and https ports. \ No newline at end of file