DigestAuth
The DigestAuth middleware grants access to services to authorized users only.
Configuration Example
- Middleware Digest Authentication
- Secret with encoded credentials
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
digestAuth:
secret: authsecret
# Note: in a kubernetes secret the string (e.g. generated by htdigest) must be base64-encoded first.
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: traefik
data:
users: |2
dGVzdDp0cmFlZmlrOmEyNjg4ZTAzMWVkYjRiZTZhMzc5N2YzODgyNjU1YzA1CnRlc3QyOnRyYWVmaWs6NTE4ODQ1ODAwZjllMmJmYjFmMWY3NDBlYzI0ZjA3NGUKCg
Configuration Options
| Field | Description | Default | Required |
|---|---|---|---|
users | Array of authorized users. Each user must be declared using the name:realm:encoded-password format.The option users supports Kubernetes secrets.(More information here) | "" | No |
usersFile | Path to an external file that contains the authorized users for the middleware. The file content is a list of name:realm:encoded-password. (More information here) | "" | No |
realm | Allow customizing the realm for the authentication. | "traefik" | No |
headerField | Allow defining a header field to store the authenticated user. | "" | No |
removeHeader | Allow removing the authorization header before forwarding the request to your service. | false | No |
users
- If both
usersandusersFileare provided, the two are merged. The contents ofusersFilehave precedence over the values inusers. - For security reasons, the field
usersdoesn't exist for Kubernetes IngressRoute, and one should use thesecretfield instead.
usersFile
- If both
usersandusersFileare provided, the two are merged. The contents ofusersFilehave precedence over the values inusers. - For security reasons, the field
usersdoesn't exist for Kubernetes IngressRoute, and one should use thesecretfield instead.
Passwords format
Use htdigest to generate passwords.