wiltonsr / ldapAuth

An open source Traefik Middleware that enables authentication via LDAP in a similar way to Traefik Enterprise
https://plugins.traefik.io/plugins/628c9eb7ffc0cd18356a979c/ldap-auth
Apache License 2.0

Customize settings per container #24

Closed MrNova111 closed 1 year ago

MrNova111 commented 1 year ago

Apologies if I am missing something in the documentation or examples, but is there a straightforward way to have per-container settings (for example, a different set of Allowed Groups) without duplicating common settings such as the LDAP URL?

wiltonsr commented 1 year ago

Hi @MrNova111,

Thanks for your interest in ldapAuth.

> is there a straightforward way to have per-container settings (for example, a different set of Allowed Groups) without duplicating common settings such as the LDAP URL?

Unfortunately, there isn't. If you try to overwrite the middleware configs, Traefik will return an error like this:

traefik  | time="2022-10-25T13:17:18Z" level=error msg="Middleware defined multiple times with different configurations in [...]" providerName=docker middlewareName=ldap_auth

MrNova111 commented 1 year ago

I believe I may have figured out a solution that uses Go templating. In my configuration file I defined a template that contains all my common settings, and then created a middleware instance for each container router that references the common template:

{{define "ldapTemplate"}}Url: ldaps://example.org{{end}}
{{define "ldapConfig"}}http:
  middlewares:
    ui-ldapAuth:
      plugin:
        ldapAuth:
          LogLevel: DEBUG
          {{template "ldapTemplate"}}
          AllowedGroups:
            - groupA
    web-ldapAuth:
      plugin:
        ldapAuth:
          LogLevel: DEBUG
          {{template "ldapTemplate"}}
          AllowedGroups:
            - groupB
{{end}}
{{template "ldapConfig"}}

Then I simply assign each container service its own middleware:

version: '3.5'
services:
  traefik:
    image: traefik:v2.9
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./ldapAuth-conf.yml:/dynamic-conf/ldapAuth-conf.yml:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
  ui:
    labels:
      - traefik.enable=true
      - traefik.http.routers.ui.rule=Host(`ui.localhost`)
      - traefik.http.routers.ui.tls=true
      - traefik.http.routers.ui.middlewares=ui-ldapAuth@file
  web:
    labels:
      - traefik.enable=true
      - traefik.http.routers.web.rule=Host(`web.localhost`)
      - traefik.http.routers.web.tls=true
      - traefik.http.routers.web.middlewares=web-ldapAuth@file

wiltonsr commented 1 year ago

Glad to know that worked for you.

Just for future reference, the docs about Traefik's Go templating can be found here.

It's only supported by YAML and TOML, so it can't be used with label configs.
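
The shared-template approach from this thread can be checked offline before Traefik loads the file. The following is an added example, not code from the thread or from ldapAuth: it renders an abridged, constructed copy of the config with Go's `text/template` (assumed here to stand in for Traefik's file-provider templating) and confirms that each middleware receives the shared `Url` and its own `AllowedGroups`. The function name `audit` and the indentation-based scan are illustrative and only fit this layout.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Constructed, abridged copy of the thread's dynamic config (LogLevel omitted).
const dynamicConf = `{{define "ldapTemplate"}}Url: ldaps://example.org{{end}}
{{define "ldapConfig"}}http:
  middlewares:
    ui-ldapAuth:
      plugin:
        ldapAuth:
          {{template "ldapTemplate"}}
          AllowedGroups:
            - groupA
    web-ldapAuth:
      plugin:
        ldapAuth:
          {{template "ldapTemplate"}}
          AllowedGroups:
            - groupB
{{end}}
{{template "ldapConfig"}}`

// audit renders the template, then maps each middleware name to its Url and groups.
func audit(src string) (map[string]string, map[string][]string, error) {
	var out strings.Builder
	if err := template.Must(template.New("conf").Parse(src)).Execute(&out, nil); err != nil {
		return nil, nil, err
	}
	urls, groups, name := map[string]string{}, map[string][]string{}, ""
	for _, line := range strings.Split(out.String(), "\n") {
		s := strings.TrimSpace(line)
		switch indent := len(line) - len(strings.TrimLeft(line, " ")); {
		case indent == 4 && strings.HasSuffix(s, ":"): // middleware name
			name = strings.TrimSuffix(s, ":")
		case indent == 10 && strings.HasPrefix(s, "Url: "): // shared setting, expanded in place
			urls[name] = strings.TrimPrefix(s, "Url: ")
		case indent == 12 && strings.HasPrefix(s, "- "): // AllowedGroups entry
			groups[name] = append(groups[name], strings.TrimPrefix(s, "- "))
		}
	}
	return urls, groups, nil
}

func main() { fmt.Println(audit(dynamicConf)) }
```

A middleware that comes back with no `Url` or an empty group list points to a misplaced `{{template}}` call or broken indentation in the file.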