Path Auth

Path auth is a middleware plugin for Traefik which enables authorization on the path when chained behind traefik-forward-auth or basic auth, making it possible to place simple user authorization based on regex and userlists defined in middleware.

Configuration

Static

Copy
[experimental.pilot]
  token = "xxxx"

[experimental.plugins.pathauth]
  modulename = "github.com/aarlint/pathauth"
  version = "v0.1.0"

Dynamic

To configure the Path Auth plugin you should create a middleware in your dynamic configuration as explained here. The following example creates and uses the pathauth middleware plugin to ensure the user's email is allowed to visit the regexed path.

In order to use this middleware you must chain it behind traefik-forward-auth.

Copy
http:
  # Add the router
  routers:
    my-router:
      entryPoints:
      - http
      middlewares:
      - pathauth
      service: service-foo
      rule: Path(`/foo`)

  # Add the middleware
  middlewares:
    pathauth:
      plugin:
        groups:
        #group key names can be anything you want
          admin:
            - [email protected]
            - [email protected]
            
        paths:
          - regex: ^/notls$
            groups:
              - admin
          # this path is accessible by anyone who makes it here because public key = true
          - regex: ^/public$
            public: true
          # this path is accessible by anyone listed in the admin group plus [email protected]
          - regex: ^/other$
            users: 
              - [email protected]
            groups:
              - admin
  # Add the service
  services:
    service-foo:
      loadBalancer:
        servers:
        - url: http://localhost:5000/
        passHostHeader: false